Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged
Permalink CVE-2025-67853
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 2 months ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months ago
  • @LeSuisse removed package moodle-dl 2 months ago
Moodle: moodle: brute-force facilitation due to missing rate limiting in confirmation email service

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.

References

Affected products

moodle
  • <4.5.8
  • <4.4.12
  • <5.1.1
  • <5.0.4
  • <4.1.22

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

  • nixos-unstable 5.1.1
    • nixpkgs-unstable 5.0.4
    • nixos-unstable-small 5.1.1
  • nixos-25.11 -
    • nixos-25.11-small 5.0.4
    • nixpkgs-25.11-darwin 5.0.4

Package maintainers