Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: moodle

Found 46 matching suggestions

View:
Compact
Detailed
Dismissed
Permalink CVE-2012-1157
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
Moodle before 2.2.2 has a default repository capabilities issue where …

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

References

Affected products

Moodle
  • ==2.0 to 2.0.7+
  • ==2.1 to 2.1.4+
  • ==2.2 to 2.2.1+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Old issue current stable branch was never impacted.
Dismissed
Permalink CVE-2012-1161
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
Moodle before 2.2.2: Course information leak via hidden courses being …

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results

References

Affected products

Moodle
  • ==2.1 to 2.1.4+
  • ==2.2 to 2.2.1+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Old issue current stable branch was never impacted.
Dismissed
Permalink CVE-2012-1156
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
Moodle before 2.2.2 has users' private files included in course …

Moodle before 2.2.2 has users' private files included in course backups

References

Affected products

Moodle
  • ==2.0 to 2.0.7+
  • ==2.1 to 2.1.4+
  • ==2.2 to 2.2.1+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Old issue current stable branch was never impacted.
Dismissed
Permalink CVE-2012-1159
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
Moodle before 2.2.2: Overview report allows users to see hidden …

Moodle before 2.2.2: Overview report allows users to see hidden courses

References

Affected products

Moodle
  • ==2.1 to 2.1.4+
  • ==2.2 to 2.2.1+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Old issue current stable branch was never impacted.
Dismissed
Permalink CVE-2012-1158
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
Moodle before 2.2.2 has a course information leak in gradebook …

Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export

References

Affected products

Moodle
  • ==2.1 to 2.1.4+
  • ==2.2 to 2.2.1+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Old issue current stable branch was never impacted.
Dismissed
Permalink CVE-2012-1155
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
Moodle has a database activity export permission issue where the …

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

References

Affected products

Moodle
  • ==2.0.x
  • ==2.1.x
  • ==2.2.x
  • ==1.9.x

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Old issue current stable branch was never impacted.
Dismissed
Permalink CVE-2012-1168
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 3 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
Moodle before 2.2.2 has a password and web services issue …

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

References

Affected products

Moodle
  • ==2.0 to 2.0.7+
  • ==2.1 to 2.1.4+
  • ==2.2 to 2.2.1+

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Old issue current stable branch was never impacted.
Published
Permalink CVE-2026-26047
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 2 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse published on GitHub 1 month, 2 weeks ago
Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.

References

Affected products

moodle
  • <5.1.2
  • <5.0.5
  • <4.5.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Upstream advisory: https://moodle.org/mod/forum/discuss.php?d=473316#p1896307
Published
Permalink CVE-2026-26045
7.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 2 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse published on GitHub 1 month, 2 weeks ago
Moodle: moodle: improper validation in file restore functionality leading to remote code execution

A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.

References

Affected products

moodle
  • <5.1.2
  • <5.0.5
  • <4.5.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Upstream advisory: https://moodle.org/mod/forum/discuss.php?d=473314#p1896305
Published
Permalink CVE-2026-26046
7.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): HIGH
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 2 weeks ago
  • @LeSuisse removed package moodle-dl 1 month, 2 weeks ago
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse published on GitHub 1 month, 2 weeks ago
Moodle: moodle: improper input sanitization in tex filter administration setting

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator could result in unintended system command execution. While exploitation requires administrative privileges, successful compromise could affect the entire Moodle server.

References

Affected products

moodle
  • <5.1.2
  • <5.0.5
  • <4.5.9

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

Package maintainers

Upstream advisory: https://moodle.org/mod/forum/discuss.php?d=473315#p1896306