Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/83187?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "4.4.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.5.9", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57182?format=api", "vulnerability_id": "VCID-17k8-g4xw-b7g9", "summary": "Moodle allows IDOR when accessing the cohorts report\nA flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3647", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26664", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3647" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359762", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:45Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359762" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/bd6ec0ac84cf0f73ab35e7e244e1f9b06929083a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/bd6ec0ac84cf0f73ab35e7e244e1f9b06929083a" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467607", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:45Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467607" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3647", "reference_id": "CVE-2025-3647", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:45Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3647" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3647", "reference_id": "CVE-2025-3647", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3647" }, { "reference_url": "https://github.com/advisories/GHSA-34g7-pg9j-pxgp", "reference_id": "GHSA-34g7-pg9j-pxgp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-34g7-pg9j-pxgp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3647", "GHSA-34g7-pg9j-pxgp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17k8-g4xw-b7g9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48125?format=api", "vulnerability_id": "VCID-1efm-18zh-w7gm", "summary": "Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00059", "scoring_system": "epss", "scoring_elements": "0.18843", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62400" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404433", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:48:02Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404433" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/0c70d67059658879a71152ea075c74154a627d05", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/0c70d67059658879a71152ea075c74154a627d05" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=470389", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=470389" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-62400", "reference_id": "CVE-2025-62400", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:48:02Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-62400" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62400", "reference_id": "CVE-2025-62400", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62400" }, { "reference_url": "https://github.com/advisories/GHSA-422v-w6c5-vq42", "reference_id": "GHSA-422v-w6c5-vq42", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-422v-w6c5-vq42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71069?format=api", "purl": "pkg:composer/moodle/moodle@4.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/71068?format=api", "purl": "pkg:composer/moodle/moodle@4.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/71064?format=api", "purl": "pkg:composer/moodle/moodle@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3" } ], "aliases": [ "CVE-2025-62400", "GHSA-422v-w6c5-vq42" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1efm-18zh-w7gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57186?format=api", "vulnerability_id": "VCID-1wup-hjxg-f7g4", "summary": "Moodle shows hidden grades to users without permission on some grade reports\nA flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81945", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81945" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32045", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.35919", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32045" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356835", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:37:20Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356835" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467086", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467086" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-32045", "reference_id": "CVE-2025-32045", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:37:20Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-32045" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32045", "reference_id": "CVE-2025-32045", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32045" }, { "reference_url": "https://github.com/advisories/GHSA-8m7c-hm88-2p97", "reference_id": "GHSA-8m7c-hm88-2p97", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8m7c-hm88-2p97" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84930?format=api", "purl": "pkg:composer/moodle/moodle@4.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/84931?format=api", "purl": "pkg:composer/moodle/moodle@4.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.3" } ], "aliases": [ "CVE-2025-32045", "GHSA-8m7c-hm88-2p97" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1wup-hjxg-f7g4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57183?format=api", "vulnerability_id": "VCID-29mv-feyq-guew", "summary": "Moodle has a CSRF risk in user tours manager that allows tour duplication\nA security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3635", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.3457", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3635" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359709", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:11Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359709" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/dbd723f81c07423d4082d54cd1d90b1b68c44379", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/dbd723f81c07423d4082d54cd1d90b1b68c44379" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467597", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467597" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3635", "reference_id": "CVE-2025-3635", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:11Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3635" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3635", "reference_id": "CVE-2025-3635", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3635" }, { "reference_url": "https://github.com/advisories/GHSA-88xj-97gf-7wpq", "reference_id": "GHSA-88xj-97gf-7wpq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-88xj-97gf-7wpq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3635", "GHSA-88xj-97gf-7wpq" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29mv-feyq-guew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56246?format=api", "vulnerability_id": "VCID-2urf-d2qr-abdy", "summary": "Moodle Lesson activity password bypass through PHP loose comparison\nA flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to \"magic hash\" values.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.60204", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45691" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309940", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T19:17:16Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309940" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/3fc1073d304f660d2552b591c5fb92547ed01e92", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/3fc1073d304f660d2552b591c5fb92547ed01e92" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461897#p1854494", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461897#p1854494" }, { "reference_url": "https://moodle.org/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/security" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45691", "reference_id": "CVE-2024-45691", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45691" }, { "reference_url": "https://github.com/advisories/GHSA-xfv7-h2qg-rjm7", "reference_id": "GHSA-xfv7-h2qg-rjm7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xfv7-h2qg-rjm7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83316?format=api", "purl": "pkg:composer/moodle/moodle@4.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.3" } ], "aliases": [ "CVE-2024-45691", "GHSA-xfv7-h2qg-rjm7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2urf-d2qr-abdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57192?format=api", "vulnerability_id": "VCID-3yre-ft3n-2fd3", "summary": "Moodle has an IDOR in messaging web service which allows access to some user details\nA flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3645", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26664", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3645" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359761", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:48Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359761" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/2fd810c8981f9b10087467a3b8fce779b157200f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/2fd810c8981f9b10087467a3b8fce779b157200f" }, { "reference_url": "https://github.com/moodle/moodle/commit/a8179842b450659c288f284e06361a4fbab8742a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/a8179842b450659c288f284e06361a4fbab8742a" }, { "reference_url": "https://github.com/moodle/moodle/commit/bb65effe41524d8373c1dc499c3323ac469ea558", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/bb65effe41524d8373c1dc499c3323ac469ea558" }, { "reference_url": "https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-72704&type=commits", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-72704&type=commits" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467606", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:48Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467606" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3645", "reference_id": "CVE-2025-3645", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:48Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3645", "reference_id": "CVE-2025-3645", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3645" }, { "reference_url": "https://github.com/advisories/GHSA-pj96-xh2w-fgqx", "reference_id": "GHSA-pj96-xh2w-fgqx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pj96-xh2w-fgqx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3645", "GHSA-pj96-xh2w-fgqx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3yre-ft3n-2fd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49983?format=api", "vulnerability_id": "VCID-44zf-1dw7-qkf5", "summary": "Moodle formula injection vulnerability\nA flaw was found in Moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to compromised data integrity and unintended operations within the spreadsheet.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1974", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67851" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423841", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423841" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/29820c5ff4ef381c7a743091ec5c68ac82903b22" }, { "reference_url": "https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/aa66bacd0783cbc33528fba9c2adca1f685a59bd" }, { "reference_url": "https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/dc57ccc491a2a04032445a3ee92fd0d335ebd746" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471301", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471301" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67851", "reference_id": "CVE-2025-67851", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T17:02:36Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67851" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67851", "reference_id": "CVE-2025-67851", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67851" }, { "reference_url": "https://github.com/advisories/GHSA-qfh6-h7j6-fvjv", "reference_id": "GHSA-qfh6-h7j6-fvjv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qfh6-h7j6-fvjv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67851", "GHSA-qfh6-h7j6-fvjv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44zf-1dw7-qkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49970?format=api", "vulnerability_id": "VCID-4zvp-nmrk-4qbq", "summary": "Moodle Cross-site Scripting (XSS) vulnerability\nA flaw was found in Moodle. This Cross-site Scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface could be manipulated.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67849", "reference_id": "", "reference_type": "", "scores": [ { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00697", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67849" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423835", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423835" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/a3063dcaa44dbe66e60a37cadb33bfadfe4feb03" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471299", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471299" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67849", "reference_id": "CVE-2025-67849", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67849" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67849", "reference_id": "CVE-2025-67849", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67849" }, { "reference_url": "https://github.com/advisories/GHSA-mhf6-pp52-8wqj", "reference_id": "GHSA-mhf6-pp52-8wqj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhf6-pp52-8wqj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67849", "GHSA-mhf6-pp52-8wqj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zvp-nmrk-4qbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49974?format=api", "vulnerability_id": "VCID-5snb-dyv3-efe9", "summary": "Moodle Open Redirect vulnerability\nA flaw was found in Moodle. An Open Redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03529", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67852" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423844", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423844" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/fa1624c8c9e3efa917f0e9d2666bb59d8be2a975" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471302", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471302" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67852", "reference_id": "CVE-2025-67852", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:44:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67852" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67852", "reference_id": "CVE-2025-67852", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67852" }, { "reference_url": "https://github.com/advisories/GHSA-qv78-6gpp-hm68", "reference_id": "GHSA-qv78-6gpp-hm68", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qv78-6gpp-hm68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67852", "GHSA-qv78-6gpp-hm68" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5snb-dyv3-efe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49967?format=api", "vulnerability_id": "VCID-5xhb-mx3v-fuhs", "summary": "Moodle Inserts Sensitive Information Into Sent Data\nA flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06023", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67857" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423868", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423868" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6" }, { "reference_url": "https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471307", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471307" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67857", "reference_id": "CVE-2025-67857", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:40:38Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67857" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67857", "reference_id": "CVE-2025-67857", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67857" }, { "reference_url": "https://github.com/advisories/GHSA-8jrv-wx83-w3xj", "reference_id": "GHSA-8jrv-wx83-w3xj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8jrv-wx83-w3xj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67857", "GHSA-8jrv-wx83-w3xj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xhb-mx3v-fuhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49975?format=api", "vulnerability_id": "VCID-61ry-zz34-8qhj", "summary": "Moodle authentication bypass vulnerability\nA flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67848" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423831", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423831" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/62f372e9d861d16df702d3c7726905fa2730e3d8" }, { "reference_url": "https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/c2705e2c18962fec4f21b9c34ed386be2a379663" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471298", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471298" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67848", "reference_id": "CVE-2025-67848", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:50Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67848" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67848", "reference_id": "CVE-2025-67848", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67848" }, { "reference_url": "https://github.com/advisories/GHSA-j5jv-w5cw-j9ff", "reference_id": "GHSA-j5jv-w5cw-j9ff", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j5jv-w5cw-j9ff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67848", "GHSA-j5jv-w5cw-j9ff" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-61ry-zz34-8qhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50291?format=api", "vulnerability_id": "VCID-657g-68tv-dkam", "summary": "Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits\nA Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.262", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26047" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440905", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440905" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/8683b4a04939332e353cad1be51222930dc40b2c" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=473316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=473316" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-26047", "reference_id": "CVE-2026-26047", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:29:50Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-26047" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26047", "reference_id": "CVE-2026-26047", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26047" }, { "reference_url": "https://github.com/advisories/GHSA-cg8j-5cr2-568q", "reference_id": "GHSA-cg8j-5cr2-568q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg8j-5cr2-568q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74185?format=api", "purl": "pkg:composer/moodle/moodle@4.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/74184?format=api", "purl": "pkg:composer/moodle/moodle@5.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74183?format=api", "purl": "pkg:composer/moodle/moodle@5.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2" } ], "aliases": [ "CVE-2026-26047", "GHSA-cg8j-5cr2-568q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-657g-68tv-dkam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56707?format=api", "vulnerability_id": "VCID-6cvg-r9am-wbh5", "summary": "Moodle has a SQL injection risk in course search module list filter\nAn SQL injection risk was identified in the module list filter within course search.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84271", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:35:13Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84271" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26533", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61178", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26533" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/1310e64699807ead6c38ee89354ac57c503c2836", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/1310e64699807ead6c38ee89354ac57c503c2836" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=466150", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-25T14:35:13Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=466150" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26533", "reference_id": "CVE-2025-26533", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26533" }, { "reference_url": "https://github.com/advisories/GHSA-rg56-94j7-hjx9", "reference_id": "GHSA-rg56-94j7-hjx9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rg56-94j7-hjx9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84178?format=api", "purl": "pkg:composer/moodle/moodle@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84177?format=api", "purl": "pkg:composer/moodle/moodle@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-rgq5-458d-1fhg" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2" } ], "aliases": [ "CVE-2025-26533", "GHSA-rg56-94j7-hjx9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cvg-r9am-wbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48126?format=api", "vulnerability_id": "VCID-7trf-g8dq-tua1", "summary": "Moodle has a time restriction bypass\nAn issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12997", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404434", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:38:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404434" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/78a3fe6c618676dfc53ea538abbfe35e60674eeb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/78a3fe6c618676dfc53ea538abbfe35e60674eeb" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=470390", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=470390" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-62401", "reference_id": "CVE-2025-62401", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:38:17Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-62401" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62401", "reference_id": "CVE-2025-62401", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62401" }, { "reference_url": "https://github.com/advisories/GHSA-w29j-8phw-ffjf", "reference_id": "GHSA-w29j-8phw-ffjf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w29j-8phw-ffjf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71069?format=api", "purl": "pkg:composer/moodle/moodle@4.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/71068?format=api", "purl": "pkg:composer/moodle/moodle@4.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/71064?format=api", "purl": "pkg:composer/moodle/moodle@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3" } ], "aliases": [ "CVE-2025-62401", "GHSA-w29j-8phw-ffjf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7trf-g8dq-tua1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56705?format=api", "vulnerability_id": "VCID-8uah-srba-6ubb", "summary": "Moodle has an IDOR in badges allows disabling of arbitrary badges\nInsufficient capability checks made it possible to disable badges a user does not have permission to access.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:42Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57372", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26531" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=466148", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:42Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=466148" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26531", "reference_id": "CVE-2025-26531", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26531" }, { "reference_url": "https://github.com/advisories/GHSA-g88w-v4cq-qgcp", "reference_id": "GHSA-g88w-v4cq-qgcp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g88w-v4cq-qgcp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84178?format=api", "purl": "pkg:composer/moodle/moodle@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84177?format=api", "purl": "pkg:composer/moodle/moodle@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-rgq5-458d-1fhg" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2" } ], "aliases": [ "CVE-2025-26531", "GHSA-g88w-v4cq-qgcp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uah-srba-6ubb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56244?format=api", "vulnerability_id": "VCID-9rqr-xzr8-5fgf", "summary": "Moodle allows users to retrieve information they did not have permission to access\nA flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31459", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45689" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309941", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T19:17:47Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309941" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/bb466df202a4b4a692006298f93cbba20566949c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/bb466df202a4b4a692006298f93cbba20566949c" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461894#p1854491", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461894#p1854491" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45689", "reference_id": "CVE-2024-45689", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45689" }, { "reference_url": "https://github.com/advisories/GHSA-j822-x5gg-5r56", "reference_id": "GHSA-j822-x5gg-5r56", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j822-x5gg-5r56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83316?format=api", "purl": "pkg:composer/moodle/moodle@4.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.3" } ], "aliases": [ "CVE-2024-45689", "GHSA-j822-x5gg-5r56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9rqr-xzr8-5fgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56233?format=api", "vulnerability_id": "VCID-9xk9-qb9x-jfcs", "summary": "Moodle leaks user names\nA vulnerability was found in Moodle. It is possible for users with the \"send message\" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54503", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48896" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318822", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T14:57:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318822" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48896", "reference_id": "CVE-2024-48896", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48896" }, { "reference_url": "https://github.com/advisories/GHSA-cq5f-wv7p-5gfc", "reference_id": "GHSA-cq5f-wv7p-5gfc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cq5f-wv7p-5gfc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83248?format=api", "purl": "pkg:composer/moodle/moodle@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.4" } ], "aliases": [ "CVE-2024-48896", "GHSA-cq5f-wv7p-5gfc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9xk9-qb9x-jfcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56711?format=api", "vulnerability_id": "VCID-a1ek-x154-5ydy", "summary": "Moodle has an arbitrary file read risk through pdfTeX\nInsufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as\nthose with TeX Live installed).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.438", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26525" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:59:34Z/" } ], "url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84136" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=466141", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:59:34Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=466141" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26525", "reference_id": "CVE-2025-26525", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26525" }, { "reference_url": "https://github.com/advisories/GHSA-4hmr-39vp-xfrr", "reference_id": "GHSA-4hmr-39vp-xfrr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4hmr-39vp-xfrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84178?format=api", "purl": "pkg:composer/moodle/moodle@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84177?format=api", "purl": "pkg:composer/moodle/moodle@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-rgq5-458d-1fhg" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2" } ], "aliases": [ "CVE-2025-26525", "GHSA-4hmr-39vp-xfrr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a1ek-x154-5ydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57198?format=api", "vulnerability_id": "VCID-dky9-v96e-pubh", "summary": "Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository\nA flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00667", "scoring_system": "epss", "scoring_elements": "0.71699", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3641" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359735", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:41Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359735" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/27b839b5c60389623ca8e3496792b43a44527cd6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/27b839b5c60389623ca8e3496792b43a44527cd6" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467602", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:41Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467602" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3641", "reference_id": "CVE-2025-3641", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:41Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3641" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3641", "reference_id": "CVE-2025-3641", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3641" }, { "reference_url": "https://github.com/advisories/GHSA-c8v6-vxhf-wcrr", "reference_id": "GHSA-c8v6-vxhf-wcrr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c8v6-vxhf-wcrr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3641", "GHSA-c8v6-vxhf-wcrr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dky9-v96e-pubh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48123?format=api", "vulnerability_id": "VCID-dr5e-6s1a-6uas", "summary": "Moodle does not properly enforce MFA\nA serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21425", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62398" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404431", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:57:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404431" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/67005f8b2098096f4c7ca4f78ab9ce69415d703b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/67005f8b2098096f4c7ca4f78ab9ce69415d703b" }, { "reference_url": "https://github.com/moodle/moodle/commit/a2078f781ae065ca1f781bd159c7615c84afcaa5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/a2078f781ae065ca1f781bd159c7615c84afcaa5" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=470387", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=470387" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-62398", "reference_id": "CVE-2025-62398", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:57:39Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-62398" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62398", "reference_id": "CVE-2025-62398", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62398" }, { "reference_url": "https://github.com/advisories/GHSA-25wf-7x6c-wmpf", "reference_id": "GHSA-25wf-7x6c-wmpf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-25wf-7x6c-wmpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71069?format=api", "purl": "pkg:composer/moodle/moodle@4.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/71068?format=api", "purl": "pkg:composer/moodle/moodle@4.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/71064?format=api", "purl": "pkg:composer/moodle/moodle@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3" } ], "aliases": [ "CVE-2025-62398", "GHSA-25wf-7x6c-wmpf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dr5e-6s1a-6uas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49987?format=api", "vulnerability_id": "VCID-f1da-1duc-2uhb", "summary": "Moodle Affected by Improper Restriction of Excessive Authentication Attempts\nA flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67853", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10917", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67853" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423847", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423847" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471303" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67853", "reference_id": "CVE-2025-67853", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67853" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67853", "reference_id": "CVE-2025-67853", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67853" }, { "reference_url": "https://github.com/advisories/GHSA-5cx4-w4fh-fr57", "reference_id": "GHSA-5cx4-w4fh-fr57", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5cx4-w4fh-fr57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67853", "GHSA-5cx4-w4fh-fr57" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1da-1duc-2uhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57181?format=api", "vulnerability_id": "VCID-ffp4-23na-rkgr", "summary": "Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository\nA flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3642", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00667", "scoring_system": "epss", "scoring_elements": "0.71699", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3642" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359738", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359738" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/630fbf6230ee18d63ce69bea34173fb151b599da", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/630fbf6230ee18d63ce69bea34173fb151b599da" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467603", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:37Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467603" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3642", "reference_id": "CVE-2025-3642", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:38:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3642" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3642", "reference_id": "CVE-2025-3642", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3642" }, { "reference_url": "https://github.com/advisories/GHSA-m367-445c-2xqr", "reference_id": "GHSA-m367-445c-2xqr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m367-445c-2xqr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3642", "GHSA-m367-445c-2xqr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffp4-23na-rkgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56709?format=api", "vulnerability_id": "VCID-gwnb-e3gt-kqcb", "summary": "Moodle allows teachers to evade trusttext config when restoring glossary entries\nAdditional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:04Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26532", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57354", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26532" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=466149", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:19:04Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=466149" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26532", "reference_id": "CVE-2025-26532", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26532" }, { "reference_url": "https://github.com/advisories/GHSA-cw24-f6fq-7j9v", "reference_id": "GHSA-cw24-f6fq-7j9v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cw24-f6fq-7j9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84178?format=api", "purl": "pkg:composer/moodle/moodle@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84177?format=api", "purl": "pkg:composer/moodle/moodle@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-rgq5-458d-1fhg" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2" } ], "aliases": [ "CVE-2025-26532", "GHSA-cw24-f6fq-7j9v" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwnb-e3gt-kqcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56710?format=api", "vulnerability_id": "VCID-gzdw-424p-mqfa", "summary": "Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block\nTags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:57:30Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83941" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58836", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26527" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=466143", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:57:30Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=466143" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26527", "reference_id": "CVE-2025-26527", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26527" }, { "reference_url": "https://github.com/advisories/GHSA-5r85-6h7f-rg3r", "reference_id": "GHSA-5r85-6h7f-rg3r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5r85-6h7f-rg3r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84178?format=api", "purl": "pkg:composer/moodle/moodle@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84177?format=api", "purl": "pkg:composer/moodle/moodle@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-rgq5-458d-1fhg" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2" } ], "aliases": [ "CVE-2025-26527", "GHSA-5r85-6h7f-rg3r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzdw-424p-mqfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49973?format=api", "vulnerability_id": "VCID-hufb-p6pa-63c9", "summary": "Moodle has an authorization logic flaw\nA flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06512", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67856" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423864", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423864" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/0d48779e61bcacbabbcb82858a037b567351fce0" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471306", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471306" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67856", "reference_id": "CVE-2025-67856", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:42:42Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67856" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67856", "reference_id": "CVE-2025-67856", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67856" }, { "reference_url": "https://github.com/advisories/GHSA-hcm6-q6pc-xfhm", "reference_id": "GHSA-hcm6-q6pc-xfhm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hcm6-q6pc-xfhm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67856", "GHSA-hcm6-q6pc-xfhm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hufb-p6pa-63c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50289?format=api", "vulnerability_id": "VCID-j3ts-5ghc-4qct", "summary": "Moodle has a Remote Code Execution risk via file restore\nA flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it could lead to unintended execution of server-side code. Since restore capabilities are typically available to privileged users, exploitation requires authenticated access. Successful exploitation could result in full compromise of the Moodle server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26045", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29587", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26045" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440901", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440901" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/566054ba11f609a6d48d09b32e85d435d49927da" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=473314", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=473314" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-26045", "reference_id": "CVE-2026-26045", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-24T04:56:33Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-26045" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26045", "reference_id": "CVE-2026-26045", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26045" }, { "reference_url": "https://github.com/advisories/GHSA-ggxq-2mg9-8966", "reference_id": "GHSA-ggxq-2mg9-8966", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ggxq-2mg9-8966" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74185?format=api", "purl": "pkg:composer/moodle/moodle@4.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/74184?format=api", "purl": "pkg:composer/moodle/moodle@5.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/74183?format=api", "purl": "pkg:composer/moodle/moodle@5.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.2" } ], "aliases": [ "CVE-2026-26045", "GHSA-ggxq-2mg9-8966" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j3ts-5ghc-4qct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56242?format=api", "vulnerability_id": "VCID-jjsw-9p4b-m3e5", "summary": "Moodle IDOR when accessing list of course badges\nA vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48899", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41074", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48899" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318819", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T19:16:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318819" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/07ad4b8ebc715056056e01f2175820bfce6b290f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/07ad4b8ebc715056056e01f2175820bfce6b290f" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=462878#p1858337", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=462878#p1858337" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48899", "reference_id": "CVE-2024-48899", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48899" }, { "reference_url": "https://github.com/advisories/GHSA-r4xr-m393-778m", "reference_id": "GHSA-r4xr-m393-778m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r4xr-m393-778m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83316?format=api", "purl": "pkg:composer/moodle/moodle@4.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.3" } ], "aliases": [ "CVE-2024-48899", "GHSA-r4xr-m393-778m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjsw-9p4b-m3e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56184?format=api", "vulnerability_id": "VCID-kwhy-pkt9-1kfe", "summary": "Moodle IDOR when accessing list of badge recipients\nA vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83178", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-83178" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48900", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00264", "scoring_system": "epss", "scoring_elements": "0.5016", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48900" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318818", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T18:06:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318818" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=462879", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=462879" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48900", "reference_id": "CVE-2024-48900", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48900" }, { "reference_url": "https://github.com/advisories/GHSA-g8r3-2v89-j6r5", "reference_id": "GHSA-g8r3-2v89-j6r5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-g8r3-2v89-j6r5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83248?format=api", "purl": "pkg:composer/moodle/moodle@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.4" } ], "aliases": [ "CVE-2024-48900", "GHSA-g8r3-2v89-j6r5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwhy-pkt9-1kfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48117?format=api", "vulnerability_id": "VCID-m2a7-q28u-1yfw", "summary": "Moodle vulnerable to brute-force password guesses\nMoodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25243", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-62399" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:51:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404432" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/e4d02567c922c537086de9f59f063ca073552a3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/e4d02567c922c537086de9f59f063ca073552a3a" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=470388", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=470388" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-62399", "reference_id": "CVE-2025-62399", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:51:39Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-62399" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62399", "reference_id": "CVE-2025-62399", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62399" }, { "reference_url": "https://github.com/advisories/GHSA-m58f-9pvv-8mp2", "reference_id": "GHSA-m58f-9pvv-8mp2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m58f-9pvv-8mp2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71069?format=api", "purl": "pkg:composer/moodle/moodle@4.4.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/71068?format=api", "purl": "pkg:composer/moodle/moodle@4.5.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/71064?format=api", "purl": "pkg:composer/moodle/moodle@5.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3" } ], "aliases": [ "CVE-2025-62399", "GHSA-m58f-9pvv-8mp2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m2a7-q28u-1yfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56225?format=api", "vulnerability_id": "VCID-mnx8-118d-efcr", "summary": "moodle: IDOR in edit/delete RSS feed\nA vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45845", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48897" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318821", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-19T14:51:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318821" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48897", "reference_id": "CVE-2024-48897", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48897" }, { "reference_url": "https://github.com/advisories/GHSA-x3x9-349x-2485", "reference_id": "GHSA-x3x9-349x-2485", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x3x9-349x-2485" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83248?format=api", "purl": "pkg:composer/moodle/moodle@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.4" } ], "aliases": [ "CVE-2024-48897", "GHSA-x3x9-349x-2485" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mnx8-118d-efcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56712?format=api", "vulnerability_id": "VCID-nctp-rev5-puej", "summary": "Moodle allows reflected XSS via question bank filter\nThe question bank filter required additional sanitizing to prevent a reflected XSS risk.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84146", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T20:05:56Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84146" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00957", "scoring_system": "epss", "scoring_elements": "0.76825", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26530" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=466146", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T20:05:56Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=466146" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26530", "reference_id": "CVE-2025-26530", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26530" }, { "reference_url": "https://github.com/advisories/GHSA-4w32-c9g7-27qx", "reference_id": "GHSA-4w32-c9g7-27qx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4w32-c9g7-27qx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84178?format=api", "purl": "pkg:composer/moodle/moodle@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84177?format=api", "purl": "pkg:composer/moodle/moodle@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-rgq5-458d-1fhg" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2" } ], "aliases": [ "CVE-2025-26530", "GHSA-4w32-c9g7-27qx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nctp-rev5-puej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56703?format=api", "vulnerability_id": "VCID-pd2f-4kxt-bkgp", "summary": "Moodle's feedback response viewing and deletions did not respect Separate Groups mode\nSeparate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback\nactivities.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79976", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:58:41Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79976" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59868", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26526" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=466142", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-24T19:58:41Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=466142" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26526", "reference_id": "CVE-2025-26526", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26526" }, { "reference_url": "https://github.com/advisories/GHSA-pxg4-xjp7-w9c5", "reference_id": "GHSA-pxg4-xjp7-w9c5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pxg4-xjp7-w9c5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84178?format=api", "purl": "pkg:composer/moodle/moodle@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84177?format=api", "purl": "pkg:composer/moodle/moodle@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-rgq5-458d-1fhg" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2" } ], "aliases": [ "CVE-2025-26526", "GHSA-pxg4-xjp7-w9c5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pd2f-4kxt-bkgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56706?format=api", "vulnerability_id": "VCID-sgdq-5ha7-nfh2", "summary": "Moodle has a stored XSS in ddimageortext question type\nThe drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82896", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T20:03:52Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82896" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00706", "scoring_system": "epss", "scoring_elements": "0.72569", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26528" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=466144", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-24T20:03:52Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=466144" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26528", "reference_id": "CVE-2025-26528", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26528" }, { "reference_url": "https://github.com/advisories/GHSA-h697-w4ph-7pcx", "reference_id": "GHSA-h697-w4ph-7pcx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h697-w4ph-7pcx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84178?format=api", "purl": "pkg:composer/moodle/moodle@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84177?format=api", "purl": "pkg:composer/moodle/moodle@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-rgq5-458d-1fhg" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2" } ], "aliases": [ "CVE-2025-26528", "GHSA-h697-w4ph-7pcx" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgdq-5ha7-nfh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56223?format=api", "vulnerability_id": "VCID-t8vm-tfnq-5kak", "summary": "moodle: IDOR when fetching report schedules\nA vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45845", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48901" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318817", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T14:55:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318817" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48901", "reference_id": "CVE-2024-48901", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48901" }, { "reference_url": "https://github.com/advisories/GHSA-mg54-p2wj-5ph7", "reference_id": "GHSA-mg54-p2wj-5ph7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mg54-p2wj-5ph7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83248?format=api", "purl": "pkg:composer/moodle/moodle@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.4" } ], "aliases": [ "CVE-2024-48901", "GHSA-mg54-p2wj-5ph7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t8vm-tfnq-5kak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57185?format=api", "vulnerability_id": "VCID-ueyy-v42v-7ydh", "summary": "Moodle has reflected Cross-site Scripting risk in policy tool\nA flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3643", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32105", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3643" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359742", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:55Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359742" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/ff9bbd6d9e7d6267ce85e6c9afbeb19581f2a85f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ff9bbd6d9e7d6267ce85e6c9afbeb19581f2a85f" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467604", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:55Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467604" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3643", "reference_id": "CVE-2025-3643", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:55Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3643" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3643", "reference_id": "CVE-2025-3643", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3643" }, { "reference_url": "https://github.com/advisories/GHSA-hxgg-4qww-85ph", "reference_id": "GHSA-hxgg-4qww-85ph", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hxgg-4qww-85ph" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3643", "GHSA-hxgg-4qww-85ph" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ueyy-v42v-7ydh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56239?format=api", "vulnerability_id": "VCID-vsrk-zp7j-w7bk", "summary": "Moodle IDOR when deleting OAuth2 linked accounts\nA flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60627", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45690" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309939", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-27T14:15:47Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309939" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/809629e5afcd5be087e65668fe6cf67f2f4f5145", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/809629e5afcd5be087e65668fe6cf67f2f4f5145" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461895#p1854492", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461895#p1854492" }, { "reference_url": "https://moodle.org/security", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/security" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45690", "reference_id": "CVE-2024-45690", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45690" }, { "reference_url": "https://github.com/advisories/GHSA-fhg2-r2h9-h7q8", "reference_id": "GHSA-fhg2-r2h9-h7q8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fhg2-r2h9-h7q8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83316?format=api", "purl": "pkg:composer/moodle/moodle@4.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.3" } ], "aliases": [ "CVE-2024-45690", "GHSA-fhg2-r2h9-h7q8" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsrk-zp7j-w7bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57190?format=api", "vulnerability_id": "VCID-vve8-f9s9-v7ft", "summary": "Moodle's AJAX section delete does not respect course_can_delete_section()\nA flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3644", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38826", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3644" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-83994&type=commits", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-83994&type=commits" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467605", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:51Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467605" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3644", "reference_id": "CVE-2025-3644", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:51Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3644" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3644", "reference_id": "CVE-2025-3644", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3644" }, { "reference_url": "https://github.com/advisories/GHSA-cpm7-mv33-jwf8", "reference_id": "GHSA-cpm7-mv33-jwf8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cpm7-mv33-jwf8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3644", "GHSA-cpm7-mv33-jwf8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vve8-f9s9-v7ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49969?format=api", "vulnerability_id": "VCID-wby4-h9ud-1yh5", "summary": "Moodle vulnerable to Cross-site Scripting\nA flaw was found in Moodle. This vulnerability, known as Cross-site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01935", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67850" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423838", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423838" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/c85f153068a717a3b28bc122e75154bac99e67e1" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471300", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471300" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67850", "reference_id": "CVE-2025-67850", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-04T04:55:48Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67850" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67850", "reference_id": "CVE-2025-67850", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67850" }, { "reference_url": "https://github.com/advisories/GHSA-6mmv-f6c6-v6q8", "reference_id": "GHSA-6mmv-f6c6-v6q8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mmv-f6c6-v6q8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67850", "GHSA-6mmv-f6c6-v6q8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wby4-h9ud-1yh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57193?format=api", "vulnerability_id": "VCID-wwx4-ns21-k3hd", "summary": "Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users\nA flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00163", "scoring_system": "epss", "scoring_elements": "0.37064", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3640" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359734", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:58Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359734" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/64a4311266cbe9a9a942c836931bef224018b77d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/64a4311266cbe9a9a942c836931bef224018b77d" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467601", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:58Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467601" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3640", "reference_id": "CVE-2025-3640", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:42:58Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3640" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3640", "reference_id": "CVE-2025-3640", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3640" }, { "reference_url": "https://github.com/advisories/GHSA-6g5x-h5x7-q4mq", "reference_id": "GHSA-6g5x-h5x7-q4mq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6g5x-h5x7-q4mq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3640", "GHSA-6g5x-h5x7-q4mq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwx4-ns21-k3hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57194?format=api", "vulnerability_id": "VCID-wytb-bryq-yqb4", "summary": "Moodle has a CSRF risk in Brickfield tool's analysis request action\nA flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.4656", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3638" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:51:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/91e6ad43ed2522f9c1c4094e565b5a7e5b348728", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/91e6ad43ed2522f9c1c4094e565b5a7e5b348728" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467600", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:51:01Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467600" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3638", "reference_id": "CVE-2025-3638", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-25T15:51:01Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3638" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3638", "reference_id": "CVE-2025-3638", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3638" }, { "reference_url": "https://github.com/advisories/GHSA-m8qh-hx4c-h9hr", "reference_id": "GHSA-m8qh-hx4c-h9hr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m8qh-hx4c-h9hr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3638", "GHSA-m8qh-hx4c-h9hr" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wytb-bryq-yqb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57184?format=api", "vulnerability_id": "VCID-xqha-pgc4-3udb", "summary": "Moodle self enrollment available before completing second factor with MFA enabled\nA security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35193", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3634" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359707", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T14:23:56Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359707" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/b0965139014b459c3cb96e4fff45af4d5e09e261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/b0965139014b459c3cb96e4fff45af4d5e09e261" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467596", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467596" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3634", "reference_id": "CVE-2025-3634", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T14:23:56Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3634" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3634", "reference_id": "CVE-2025-3634", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3634" }, { "reference_url": "https://github.com/advisories/GHSA-qhc7-xhc2-7p7w", "reference_id": "GHSA-qhc7-xhc2-7p7w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qhc7-xhc2-7p7w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3634", "GHSA-qhc7-xhc2-7p7w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqha-pgc4-3udb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49984?format=api", "vulnerability_id": "VCID-yby1-g45r-rugg", "summary": "Moodle vulnerable to Cross-site Scripting\nA flaw was found in Moodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malicious scripts through specially crafted links. Successful exploitation could lead to information disclosure or arbitrary client-side script execution within the user's browser.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.118", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423861", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423861" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/0c146aa2612fb6d0544f200a018cb42da75db713" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471305", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471305" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67855", "reference_id": "CVE-2025-67855", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:43:09Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67855" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67855", "reference_id": "CVE-2025-67855", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67855" }, { "reference_url": "https://github.com/advisories/GHSA-vwhw-vp9v-q9c9", "reference_id": "GHSA-vwhw-vp9v-q9c9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vwhw-vp9v-q9c9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67855", "GHSA-vwhw-vp9v-q9c9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yby1-g45r-rugg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49824?format=api", "vulnerability_id": "VCID-ykj6-ptd4-7qfs", "summary": "Moodle affected by a code injection vulnerability\nA flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a full compromise of the Moodle application.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08982", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67847" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=471297#p1892199", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=471297#p1892199" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-67847", "reference_id": "CVE-2025-67847", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-24T04:55:19Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-67847" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67847", "reference_id": "CVE-2025-67847", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67847" }, { "reference_url": "https://github.com/advisories/GHSA-xvmh-25jw-gmmm", "reference_id": "GHSA-xvmh-25jw-gmmm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvmh-25jw-gmmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73590?format=api", "purl": "pkg:composer/moodle/moodle@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/73589?format=api", "purl": "pkg:composer/moodle/moodle@4.5.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/73588?format=api", "purl": "pkg:composer/moodle/moodle@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/73587?format=api", "purl": "pkg:composer/moodle/moodle@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.1.1" } ], "aliases": [ "CVE-2025-67847", "GHSA-xvmh-25jw-gmmm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykj6-ptd4-7qfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56226?format=api", "vulnerability_id": "VCID-z5u9-5522-h7fx", "summary": "moodle: Some users can delete audiences of other reports\nA vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00229", "scoring_system": "epss", "scoring_elements": "0.45845", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48898" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318820", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T14:56:14Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318820" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48898", "reference_id": "CVE-2024-48898", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48898" }, { "reference_url": "https://github.com/advisories/GHSA-fjq9-452g-jg3q", "reference_id": "GHSA-fjq9-452g-jg3q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fjq9-452g-jg3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83248?format=api", "purl": "pkg:composer/moodle/moodle@4.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.4" } ], "aliases": [ "CVE-2024-48898", "GHSA-fjq9-452g-jg3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z5u9-5522-h7fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57187?format=api", "vulnerability_id": "VCID-z693-m8fg-63cc", "summary": "Moodle makes some user data available before completing second factor with MFA enabled\nA security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3627", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26922", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359692", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:17Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359692" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-84351&type=commits", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-84351&type=commits" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467594", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467594" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3627", "reference_id": "CVE-2025-3627", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:17Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3627" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3627", "reference_id": "CVE-2025-3627", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3627" }, { "reference_url": "https://github.com/advisories/GHSA-x45j-jq9q-gf3q", "reference_id": "GHSA-x45j-jq9q-gf3q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x45j-jq9q-gf3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3627", "GHSA-x45j-jq9q-gf3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z693-m8fg-63cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56708?format=api", "vulnerability_id": "VCID-zjqu-hbpf-9qe1", "summary": "Moodle has a stored XSS risk in admin live log\nDescription information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T20:05:38Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84145" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00961", "scoring_system": "epss", "scoring_elements": "0.7687", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26529" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=466145", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-24T20:05:38Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=466145" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26529", "reference_id": "CVE-2025-26529", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26529" }, { "reference_url": "https://github.com/advisories/GHSA-wr88-x8cm-7cgq", "reference_id": "GHSA-wr88-x8cm-7cgq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wr88-x8cm-7cgq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84178?format=api", "purl": "pkg:composer/moodle/moodle@4.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/84177?format=api", "purl": "pkg:composer/moodle/moodle@4.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-rgq5-458d-1fhg" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wjby-arfq-buby" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.2" } ], "aliases": [ "CVE-2025-26529", "GHSA-wr88-x8cm-7cgq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zjqu-hbpf-9qe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57191?format=api", "vulnerability_id": "VCID-zrjj-atms-8uf9", "summary": "Moodle allows IDOR in RSS block, which allows access to additional RSS feeds\nA flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84499", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:06Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84499" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3636", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.2771", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3636" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359726", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359726" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/0bd97209ac5e217dbec236c73e4f6fdcaee1c737", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/0bd97209ac5e217dbec236c73e4f6fdcaee1c737" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=467598", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=467598" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3636", "reference_id": "CVE-2025-3636", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T15:43:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3636" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3636", "reference_id": "CVE-2025-3636", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3636" }, { "reference_url": "https://github.com/advisories/GHSA-chmf-m33p-ph8m", "reference_id": "GHSA-chmf-m33p-ph8m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-chmf-m33p-ph8m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84926?format=api", "purl": "pkg:composer/moodle/moodle@4.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/84927?format=api", "purl": "pkg:composer/moodle/moodle@4.5.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-3m96-nmxm-tfgz" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-ey6g-spfk-7bcw" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.4" } ], "aliases": [ "CVE-2025-3636", "GHSA-chmf-m33p-ph8m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zrjj-atms-8uf9" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56155?format=api", "vulnerability_id": "VCID-21mq-pewz-ekdt", "summary": "Moodle Cross-site Scripting vulnerability\nA flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81394", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81394" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43437", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01529", "scoring_system": "epss", "scoring_elements": "0.81662", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43437" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304266", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-11T14:28:15Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304266" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461207", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-11T14:28:15Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461207" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43437", "reference_id": "CVE-2024-43437", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43437" }, { "reference_url": "https://github.com/advisories/GHSA-4hjf-6pxr-549h", "reference_id": "GHSA-4hjf-6pxr-549h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4hjf-6pxr-549h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43437", "GHSA-4hjf-6pxr-549h" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21mq-pewz-ekdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56157?format=api", "vulnerability_id": "VCID-2wsu-7rzh-h7cs", "summary": "Moodle has user information visibility control issues in gradebook reports\nA flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the \"view hidden user fields\" capability having access to the information.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79541", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79541" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53232", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43429" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304257", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:15:16Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304257" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461197", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:15:16Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461197" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43429", "reference_id": "CVE-2024-43429", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43429" }, { "reference_url": "https://github.com/advisories/GHSA-c767-4whh-v7rw", "reference_id": "GHSA-c767-4whh-v7rw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c767-4whh-v7rw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43429", "GHSA-c767-4whh-v7rw" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2wsu-7rzh-h7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56163?format=api", "vulnerability_id": "VCID-3nvq-s7y5-fufr", "summary": "Moodle reflected XSS via H5P error message\nA flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43439", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0129", "scoring_system": "epss", "scoring_elements": "0.80023", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43439" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304268", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:50:51Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304268" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/c7d9026715a107ee16b9f9b2134ed4e6f667af99", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/c7d9026715a107ee16b9f9b2134ed4e6f667af99" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461209", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:50:51Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461209" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43439", "reference_id": "CVE-2024-43439", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43439" }, { "reference_url": "https://github.com/advisories/GHSA-hjgc-jxjc-8v9j", "reference_id": "GHSA-hjgc-jxjc-8v9j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hjgc-jxjc-8v9j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43439", "GHSA-hjgc-jxjc-8v9j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nvq-s7y5-fufr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56162?format=api", "vulnerability_id": "VCID-6p1s-2r14-z7ax", "summary": "Moodle admin presets export tool includes some secrets that should not be exported\nA flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79373", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79373" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00632", "scoring_system": "epss", "scoring_elements": "0.70757", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43427" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304255", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:02:44Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304255" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461195", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:02:44Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461195" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43427", "reference_id": "CVE-2024-43427", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "1.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43427" }, { "reference_url": "https://github.com/advisories/GHSA-vpq5-56jj-vf2m", "reference_id": "GHSA-vpq5-56jj-vf2m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vpq5-56jj-vf2m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43427", "GHSA-vpq5-56jj-vf2m" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6p1s-2r14-z7ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56148?format=api", "vulnerability_id": "VCID-7p54-yn8k-aydw", "summary": "Moodle Remote Code Execution vulnerability\nA flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82576", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82576" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88917", "scoring_system": "epss", "scoring_elements": "0.99541", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43425" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304253", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:41:20Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304253" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461193", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:41:20Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461193" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52350.py", "reference_id": "CVE-2024-43425", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52350.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43425", "reference_id": "CVE-2024-43425", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43425" }, { "reference_url": "https://github.com/advisories/GHSA-v6f4-v8h8-3c87", "reference_id": "GHSA-v6f4-v8h8-3c87", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v6f4-v8h8-3c87" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43425", "GHSA-v6f4-v8h8-3c87" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7p54-yn8k-aydw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56159?format=api", "vulnerability_id": "VCID-cjvx-m4xg-p7hb", "summary": "Moodle's user/power level management inconsistent with suspended users\nA flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81951", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81951" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43433", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.6283", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43433" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304261", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:02:57Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304261" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461202", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:02:57Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461202" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43433", "reference_id": "CVE-2024-43433", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43433" }, { "reference_url": "https://github.com/advisories/GHSA-q99x-mjmh-v8w7", "reference_id": "GHSA-q99x-mjmh-v8w7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q99x-mjmh-v8w7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43433", "GHSA-q99x-mjmh-v8w7" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjvx-m4xg-p7hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56160?format=api", "vulnerability_id": "VCID-d92c-j4yy-fud3", "summary": "Moodle authorization headers preserved between \"emulated redirects\"\nA flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82136", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82136" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00336", "scoring_system": "epss", "scoring_elements": "0.56755", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43432" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304260", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:06:57Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304260" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461200", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T15:06:57Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43432", "reference_id": "CVE-2024-43432", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43432" }, { "reference_url": "https://github.com/advisories/GHSA-7wmp-2xmx-g6h8", "reference_id": "GHSA-7wmp-2xmx-g6h8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7wmp-2xmx-g6h8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43432", "GHSA-7wmp-2xmx-g6h8" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d92c-j4yy-fud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56158?format=api", "vulnerability_id": "VCID-edb5-zwa3-mfam", "summary": "Moodle has insufficient access control\nA flaw was found in moodle. External API access to Quiz can override contained insufficient access control.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82633", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82633" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43430", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.6283", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43430" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304258", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:57:03Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304258" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461198", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:57:03Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461198" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43430", "reference_id": "CVE-2024-43430", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43430" }, { "reference_url": "https://github.com/advisories/GHSA-jpf2-9ppp-2c49", "reference_id": "GHSA-jpf2-9ppp-2c49", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jpf2-9ppp-2c49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43430", "GHSA-jpf2-9ppp-2c49" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edb5-zwa3-mfam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56136?format=api", "vulnerability_id": "VCID-g3km-hbas-x3cg", "summary": "Moodle has arbitrary file read risk through pdfTeX\nA flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.76223", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43426" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304254", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:41:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304254" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82745", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82745" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461194", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:41:10Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461194" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43426", "reference_id": "CVE-2024-43426", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43426" }, { "reference_url": "https://github.com/advisories/GHSA-vjmm-r9gg-425m", "reference_id": "GHSA-vjmm-r9gg-425m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vjmm-r9gg-425m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43426", "GHSA-vjmm-r9gg-425m" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3km-hbas-x3cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56141?format=api", "vulnerability_id": "VCID-m3jj-r66a-d7cv", "summary": "Moodle vulnerable to cache poisoning via injection into storage\nTo address a cache poisoning risk in Moodle, additional validation for local storage was required.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81718", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-81718" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43428", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18476", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43428" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304256", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:41:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304256" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461196", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:41:01Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461196" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43428", "reference_id": "CVE-2024-43428", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "6.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43428" }, { "reference_url": "https://github.com/advisories/GHSA-2r9m-wg35-rfvc", "reference_id": "GHSA-2r9m-wg35-rfvc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2r9m-wg35-rfvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43428", "GHSA-2r9m-wg35-rfvc" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3jj-r66a-d7cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56150?format=api", "vulnerability_id": "VCID-m9tk-fa8m-zbah", "summary": "Moodle LFI vulnerability when restoring malformed block backups\nA flaw was found in moodle. A local file may include risks when restoring block backups.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43440", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56485", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43440" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304269", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:23:21Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304269" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461210", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:23:21Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461210" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43440", "reference_id": "CVE-2024-43440", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43440" }, { "reference_url": "https://github.com/advisories/GHSA-qrqv-26gf-xgwh", "reference_id": "GHSA-qrqv-26gf-xgwh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qrqv-26gf-xgwh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43440", "GHSA-qrqv-26gf-xgwh" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9tk-fa8m-zbah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56143?format=api", "vulnerability_id": "VCID-qruy-fs4p-43h1", "summary": "Moodle has CSRF risk in Feedback non-respondents report\nThe bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43434", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.6729", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43434" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304262", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:40:44Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304262" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461203", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:40:44Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461203" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43434", "reference_id": "CVE-2024-43434", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43434" }, { "reference_url": "https://github.com/advisories/GHSA-x87r-37q5-mmr8", "reference_id": "GHSA-x87r-37q5-mmr8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x87r-37q5-mmr8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43434", "GHSA-x87r-37q5-mmr8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qruy-fs4p-43h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56147?format=api", "vulnerability_id": "VCID-r4m3-9prr-dkby", "summary": "Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users\nA flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5246", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43438" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304267", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:40:31Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304267" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461208", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:40:31Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461208" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43438", "reference_id": "CVE-2024-43438", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43438" }, { "reference_url": "https://github.com/advisories/GHSA-p9cx-f595-h79h", "reference_id": "GHSA-p9cx-f595-h79h", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p9cx-f595-h79h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43438", "GHSA-p9cx-f595-h79h" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r4m3-9prr-dkby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56149?format=api", "vulnerability_id": "VCID-r5w9-cbyk-hqc6", "summary": "Moodle's IDOR in badges allows deletion of arbitrary badges\nA vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43431", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54353", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43431" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304259", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:40:53Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304259" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461199", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T14:40:53Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461199" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43431", "reference_id": "CVE-2024-43431", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43431" }, { "reference_url": "https://github.com/advisories/GHSA-wwjf-gwrv-wh45", "reference_id": "GHSA-wwjf-gwrv-wh45", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wwjf-gwrv-wh45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43431", "GHSA-wwjf-gwrv-wh45" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r5w9-cbyk-hqc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56142?format=api", "vulnerability_id": "VCID-sdxf-f1b3-t3cc", "summary": "Moodle vulnerable to site administration SQL injection via XMLDB editor\nA SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.6619", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43436" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304264", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:40:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304264" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461206", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-07T14:40:37Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461206" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43436", "reference_id": "CVE-2024-43436", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "6.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43436" }, { "reference_url": "https://github.com/advisories/GHSA-mx26-62xm-2p83", "reference_id": "GHSA-mx26-62xm-2p83", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mx26-62xm-2p83" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43436", "GHSA-mx26-62xm-2p83" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sdxf-f1b3-t3cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56156?format=api", "vulnerability_id": "VCID-wwny-t2ez-y3e1", "summary": "Moodle has insufficient capability checks\nA flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64984", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64984" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43435", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00529", "scoring_system": "epss", "scoring_elements": "0.67562", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43435" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304263", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:57:03Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304263" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=461205", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:57:03Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=461205" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43435", "reference_id": "CVE-2024-43435", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43435" }, { "reference_url": "https://github.com/advisories/GHSA-4gq2-x5w4-7hp8", "reference_id": "GHSA-4gq2-x5w4-7hp8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4gq2-x5w4-7hp8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83184?format=api", "purl": "pkg:composer/moodle/moodle@4.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/83185?format=api", "purl": "pkg:composer/moodle/moodle@4.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/83186?format=api", "purl": "pkg:composer/moodle/moodle@4.3.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-rcr9-z41f-sqbr" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/83187?format=api", "purl": "pkg:composer/moodle/moodle@4.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17k8-g4xw-b7g9" }, { "vulnerability": "VCID-1efm-18zh-w7gm" }, { "vulnerability": "VCID-1wup-hjxg-f7g4" }, { "vulnerability": "VCID-29mv-feyq-guew" }, { "vulnerability": "VCID-2urf-d2qr-abdy" }, { "vulnerability": "VCID-3yre-ft3n-2fd3" }, { "vulnerability": "VCID-44zf-1dw7-qkf5" }, { "vulnerability": "VCID-4zvp-nmrk-4qbq" }, { "vulnerability": "VCID-5snb-dyv3-efe9" }, { "vulnerability": "VCID-5xhb-mx3v-fuhs" }, { "vulnerability": "VCID-61ry-zz34-8qhj" }, { "vulnerability": "VCID-657g-68tv-dkam" }, { "vulnerability": "VCID-6cvg-r9am-wbh5" }, { "vulnerability": "VCID-7trf-g8dq-tua1" }, { "vulnerability": "VCID-8uah-srba-6ubb" }, { "vulnerability": "VCID-9rqr-xzr8-5fgf" }, { "vulnerability": "VCID-9xk9-qb9x-jfcs" }, { "vulnerability": "VCID-a1ek-x154-5ydy" }, { "vulnerability": "VCID-dky9-v96e-pubh" }, { "vulnerability": "VCID-dr5e-6s1a-6uas" }, { "vulnerability": "VCID-f1da-1duc-2uhb" }, { "vulnerability": "VCID-ffp4-23na-rkgr" }, { "vulnerability": "VCID-gwnb-e3gt-kqcb" }, { "vulnerability": "VCID-gzdw-424p-mqfa" }, { "vulnerability": "VCID-hufb-p6pa-63c9" }, { "vulnerability": "VCID-j3ts-5ghc-4qct" }, { "vulnerability": "VCID-jjsw-9p4b-m3e5" }, { "vulnerability": "VCID-kwhy-pkt9-1kfe" }, { "vulnerability": "VCID-m2a7-q28u-1yfw" }, { "vulnerability": "VCID-mnx8-118d-efcr" }, { "vulnerability": "VCID-nctp-rev5-puej" }, { "vulnerability": "VCID-pd2f-4kxt-bkgp" }, { "vulnerability": "VCID-sgdq-5ha7-nfh2" }, { "vulnerability": "VCID-t8vm-tfnq-5kak" }, { "vulnerability": "VCID-ueyy-v42v-7ydh" }, { "vulnerability": "VCID-vsrk-zp7j-w7bk" }, { "vulnerability": "VCID-vve8-f9s9-v7ft" }, { "vulnerability": "VCID-wby4-h9ud-1yh5" }, { "vulnerability": "VCID-wwx4-ns21-k3hd" }, { "vulnerability": "VCID-wytb-bryq-yqb4" }, { "vulnerability": "VCID-xqha-pgc4-3udb" }, { "vulnerability": "VCID-yby1-g45r-rugg" }, { "vulnerability": "VCID-ykj6-ptd4-7qfs" }, { "vulnerability": "VCID-z5u9-5522-h7fx" }, { "vulnerability": "VCID-z693-m8fg-63cc" }, { "vulnerability": "VCID-zjqu-hbpf-9qe1" }, { "vulnerability": "VCID-zrjj-atms-8uf9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" } ], "aliases": [ "CVE-2024-43435", "GHSA-4gq2-x5w4-7hp8" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwny-t2ez-y3e1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.2" }