exploitDog

GHSA-5cx4-w4fh-fr57

Опубликовано: 03 фев. 2026

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Moodle Affected by Improper Restriction of Excessive Authentication Attempts

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

< 4.1.22

4.1.22

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.4.0-beta, < 4.4.12

4.4.12

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 4.5.0-beta, < 4.5.8

4.5.8

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 5.0.0-beta, < 5.0.4

5.0.4

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 5.1.0-beta, < 5.1.1

5.1.1

EPSS

Процентиль: 2%

0.00015

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-307

Связанные уязвимости

CVE-2025-67853

CVSS3: 7.5

ubuntu

4 дня назад

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.

CVE-2025-67853

CVSS3: 7.5

nvd

4 дня назад

A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against user accounts.

CVE-2025-67853

CVSS3: 7.5

debian

4 дня назад

A flaw was found in Moodle. A remote attacker could exploit a lack of ...

EPSS

Процентиль: 2%

0.00015

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-307