Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-67853

updated 2 weeks, 2 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 4 days ago
@LeSuisse removed package moodle-dl 2 weeks, 2 days ago

Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.

Affected products

moodle

<5.1.1
<5.0.4
<4.5.8
<4.1.22
<4.4.12

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.1.1
- nixpkgs-unstable 5.0.4
- nixos-unstable-small 5.1.1
nixos-25.11 -
- nixos-25.11-small 5.0.4
- nixpkgs-25.11-darwin 5.0.4

Package maintainers

@freezeboy freezeboy

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.moodle

Package maintainers