CVE-2022-0334
MEDIUM4.3EPSS 0.15%Insufficient user authorization in Moodle
發布日:2022/1/28修改日:2023/12/6
描述
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
受影響套件(2)
- Bitnami/moodlefrom 0, < 3.8.10, >= 3.9.0, < 3.9.12, >= 3.10.0, < 3.10.9, >= 3.11.0, < 3.11.5
- Packagist/moodle/moodle>= 3.11, < 3.11.5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0334
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2043664
- WEBhttps://github.com/moodle/moodle/commit/1964d68f8500ea3c7b776fa8a2af6266ed109f84
- WEBhttps://github.com/moodle/moodle/commit/6d18f136ae88ec97e351a723df570816a959ec68
- WEBhttps://moodle.org/mod/forum/discuss.php?d=431102