Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2023-28336

created 5 months ago

Moodle: teacher can access names of users they do not have permission to access

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

Affected products

moodle

<4.0.7
<3.11.13
<4.1.2
<3.9.20

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable -
- nixpkgs-unstable 5.0.2

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable -
- nixpkgs-unstable 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>