CVE-2022-0984

MEDIUM4.3EPSS 0.18%

Missing authorization in Moodle

發布日:2022/4/30修改日:2023/12/6

也稱為:GHSA-c5hf-mc85-2hx4BIT-moodle-2022-0984

描述

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

受影響套件(2)

Bitnami/moodle>= 3.9.0, < 3.9.13, >= 3.10.0, < 3.10.10, >= 3.11.0, < 3.11.6
Packagist/moodle/moodle>= 3.11.0, < 3.11.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0984
PATCHhttps://github.com/moodle/moodle
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2064118
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2064125
WEBhttps://github.com/moodle/moodle/commit/cdc78a16a5da95a17fb10bf1c66689237f5a3f7d