GHSA-qhc7-xhc2-7p7w

Source
https://github.com/advisories/GHSA-qhc7-xhc2-7p7w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-qhc7-xhc2-7p7w/GHSA-qhc7-xhc2-7p7w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qhc7-xhc2-7p7w
Aliases
Published
2025-04-25T15:31:22Z
Modified
2025-04-25T17:27:08.711246Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Moodle self enrollment available before completing second factor with MFA enabled
Details

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the required authentication checks. Specifically, when multi-factor authentication (MFA) is enabled, users can self-enroll in courses before they have completed the second verification factor.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-25T16:30:54Z",
    "nvd_published_at": "2025-04-25T14:15:22Z",
    "cwe_ids": [
        "CWE-287"
    ],
    "severity": "MODERATE"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0-beta
Fixed
4.3.12

Affected versions

v4.*

v4.3.0-beta
v4.3.0-rc1
v4.3.0-rc2
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.3.8
v4.3.9
v4.3.10
v4.3.11

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0-beta
Fixed
4.4.8

Affected versions

v4.*

v4.4.0-beta
v4.4.0-rc1
v4.4.0-rc2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0-beta
Fixed
4.5.4

Affected versions

v4.*

v4.5.0-beta
v4.5.0-rc1
v4.5.0-rc2
v4.5.0
v4.5.1
v4.5.2
v4.5.3