
Commit f8242d4



5 files changed

+255
-84
lines changed

Lines changed: 130 additions & 0 deletions
@@ -0,0 +1,130 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-422v-w6c5-vq42",
4+
"modified": "2025-10-24T20:59:12Z",
5+
"published": "2025-10-23T12:31:17Z",
6+
"aliases": [
7+
"CVE-2025-62400"
8+
],
9+
"summary": "Moodle exposed the names of hidden groups to users",
10+
"details": "Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "moodle/moodle"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "5.0.0-beta"
29+
},
30+
{
31+
"fixed": "5.0.3"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "moodle/moodle"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "4.5.0-beta"
48+
},
49+
{
50+
"fixed": "4.5.7"
51+
}
52+
]
53+
}
54+
]
55+
},
56+
{
57+
"package": {
58+
"ecosystem": "Packagist",
59+
"name": "moodle/moodle"
60+
},
61+
"ranges": [
62+
{
63+
"type": "ECOSYSTEM",
64+
"events": [
65+
{
66+
"introduced": "4.2.0-beta"
67+
},
68+
{
69+
"fixed": "4.4.11"
70+
}
71+
]
72+
}
73+
]
74+
},
75+
{
76+
"package": {
77+
"ecosystem": "Packagist",
78+
"name": "moodle/moodle"
79+
},
80+
"ranges": [
81+
{
82+
"type": "ECOSYSTEM",
83+
"events": [
84+
{
85+
"introduced": "0"
86+
},
87+
{
88+
"fixed": "4.1.21"
89+
}
90+
]
91+
}
92+
]
93+
}
94+
],
95+
"references": [
96+
{
97+
"type": "ADVISORY",
98+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62400"
99+
},
100+
{
101+
"type": "WEB",
102+
"url": "https://github.com/moodle/moodle/commit/0c70d67059658879a71152ea075c74154a627d05"
103+
},
104+
{
105+
"type": "WEB",
106+
"url": "https://access.redhat.com/security/cve/CVE-2025-62400"
107+
},
108+
{
109+
"type": "WEB",
110+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404433"
111+
},
112+
{
113+
"type": "PACKAGE",
114+
"url": "https://github.com/moodle/moodle"
115+
},
116+
{
117+
"type": "WEB",
118+
"url": "https://moodle.org/mod/forum/discuss.php?d=470389"
119+
}
120+
],
121+
"database_specific": {
122+
"cwe_ids": [
123+
"CWE-200"
124+
],
125+
"severity": "MODERATE",
126+
"github_reviewed": true,
127+
"github_reviewed_at": "2025-10-24T20:59:12Z",
128+
"nvd_published_at": "2025-10-23T12:15:32Z"
129+
}
130+
}
Lines changed: 92 additions & 0 deletions
@@ -0,0 +1,92 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8fcv-4qp9-pg32",
4+
"modified": "2025-10-24T20:59:21Z",
5+
"published": "2025-10-23T12:31:16Z",
6+
"aliases": [
7+
"CVE-2025-62394"
8+
],
9+
"summary": "Moodle sends quiz-related messages to inactive/suspended users",
10+
"details": "Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Packagist",
21+
"name": "moodle/moodle"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "5.0.0-beta"
29+
},
30+
{
31+
"fixed": "5.0.3"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Packagist",
40+
"name": "moodle/moodle"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "4.5.0-beta"
48+
},
49+
{
50+
"fixed": "4.5.7"
51+
}
52+
]
53+
}
54+
]
55+
}
56+
],
57+
"references": [
58+
{
59+
"type": "ADVISORY",
60+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62394"
61+
},
62+
{
63+
"type": "WEB",
64+
"url": "https://github.com/moodle/moodle/commit/022bfbfb564d8f3866a43d26eed215213bbdd28a"
65+
},
66+
{
67+
"type": "WEB",
68+
"url": "https://access.redhat.com/security/cve/CVE-2025-62394"
69+
},
70+
{
71+
"type": "WEB",
72+
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404427"
73+
},
74+
{
75+
"type": "PACKAGE",
76+
"url": "https://github.com/moodle/moodle"
77+
},
78+
{
79+
"type": "WEB",
80+
"url": "https://moodle.org/mod/forum/discuss.php?d=470383"
81+
}
82+
],
83+
"database_specific": {
84+
"cwe_ids": [
85+
"CWE-863"
86+
],
87+
"severity": "MODERATE",
88+
"github_reviewed": true,
89+
"github_reviewed_at": "2025-10-24T20:59:21Z",
90+
"nvd_published_at": "2025-10-23T12:15:31Z"
91+
}
92+
}
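Review bot: The `affected` list in this advisory stops at the 4.5 branch (`5.0.0-beta` to `5.0.3` and `4.5.0-beta` to `4.5.7`), while the GHSA-422v-w6c5-vq42 entry added in the same commit also carries ranges ending at `4.4.11` and `4.1.21`. Version-matching scanners will therefore not flag 4.4.x or 4.1.x installs for CVE-2025-62394, so it is worth confirming against the referenced Moodle announcement (`discuss.php?d=470383`) that those branches are unaffected rather than omitted. If they are affected, add further `affected` entries with the fixed versions the announcement gives. The same check applies to GHSA-rjcm-7v2p-9265 later in this commit, whose new `affected` block lists only `5.0.0-beta` to `5.0.3`.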

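--- a/advisories/unreviewed/2025/10/GHSA-rjcm-7v2p-9265/GHSA-rjcm-7v2p-9265.json
+++ b/advisories/github-reviewed/2025/10/GHSA-rjcm-7v2p-9265/GHSA-rjcm-7v2p-9265.json
@@ -1,24 +1,49 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-rjcm-7v2p-9265",
-"modified": "2025-10-23T15:30:34Z",
+"modified": "2025-10-24T20:59:26Z",
 "published": "2025-10-23T12:31:16Z",
 "aliases": [
 "CVE-2025-62393"
 ],
+"summary": "Moodle course access permissions are not properly checked in course_output_fragment_course_overview",
 "details": "A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
 }
 ],
-"affected": [],
+"affected": [
+{
+"package": {
+"ecosystem": "Packagist",
+"name": "moodle/moodle"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "5.0.0-beta"
+},
+{
+"fixed": "5.0.3"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62393"
 },
+{
+"type": "WEB",
+"url": "https://github.com/moodle/moodle/commit/fc69b4744ba0132cc3093fd81940be15bc293835"
+},
 {
 "type": "WEB",
 "url": "https://access.redhat.com/security/cve/CVE-2025-62393"
@@ -27,6 +52,10 @@
 "type": "WEB",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404426"
 },
+{
+"type": "PACKAGE",
+"url": "https://github.com/moodle/moodle"
+},
 {
 "type": "WEB",
 "url": "https://moodle.org/mod/forum/discuss.php?d=470381"
@@ -37,8 +66,8 @@
 "CWE-284"
 ],
 "severity": "MODERATE",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2025-10-24T20:59:26Z",
 "nvd_published_at": "2025-10-23T12:15:31Z"
 }
 }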

advisories/unreviewed/2025/10/GHSA-422v-w6c5-vq42/GHSA-422v-w6c5-vq42.json

Lines changed: 0 additions & 40 deletions
This file was deleted.

advisories/unreviewed/2025/10/GHSA-8fcv-4qp9-pg32/GHSA-8fcv-4qp9-pg32.json

Lines changed: 0 additions & 40 deletions
This file was deleted.
