PT-2022-2039 · Moodle+2 · Moodle+2

Tej Rathi

Published

2022-03-14

Updated

2024-03-06

CVE-2022-0984

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Moodle (affected versions not specified)

Description The issue is related to insufficient access control in the virtual learning environment. It allows users with the capability to configure badge criteria, such as teachers and managers by default, to configure course badges with profile field criteria. This capability should only be available for site badges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Incorrect Authorization

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-284

Related Identifiers

ALT-PU-2022-1476

ALT-PU-2022-2450

BDU:2022-01638

BIT-MOODLE-2022-0984

CVE-2022-0984

GHSA-C5HF-MC85-2HX4

Affected Products

Alt Linux

Moodle

Red Os

PT-2022-2039 · Moodle+2 · Moodle+2

CVE-2022-0984

Weakness Enumeration

Related Identifiers

Affected Products

References · 19