PT-2022-13112 · Moodle+1 · Moodle+1
Deds Castillo · Published 2022-01-17 · Updated 2024-03-06 · CVE-2022-0334
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.11 to 3.11.4
Moodle versions 3.10 to 3.10.8
Moodle versions 3.9 to 3.9.11
Moodle versions earlier than 3.9
Description
A flaw was found in the software that could allow users to access their grade report for courses where they did not have the required gradereport/user:view capability due to insufficient capability checks.
Recommendations
For versions 3.11 to 3.11.4, update to a version later than 3.11.4 to resolve the issue.
For versions 3.10 to 3.10.8, update to a version later than 3.10.8 to resolve the issue.
For versions 3.9 to 3.9.11, update to a version later than 3.9.11 to resolve the issue.
For versions earlier than 3.9, update to a version later than 3.9.11 to resolve the issue.
Fix
Incorrect Authorization
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Alt Linux
Moodle