GitHub Advisory DatabaseGHSA-93PJ-4P65-QMR9Insufficient user authorization in Moodle
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
22.9%
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 3.9.11 | |
| moodle/moodle | lt | 3.10.8 | |
| moodle/moodle | lt | 3.11.5 |
References
bugzilla.redhat.com/show_bug.cgi?id=2043664
github.com/advisories/GHSA-93pj-4p65-qmr9
github.com/moodle/moodle/commit/1964d68f8500ea3c7b776fa8a2af6266ed109f84
github.com/moodle/moodle/commit/6d18f136ae88ec97e351a723df570816a959ec68
moodle.org/mod/forum/discuss.php?d=431102
nvd.nist.gov/vuln/detail/CVE-2022-0334
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
22.9%