Описание
Insufficient user authorization in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-0334
- https://github.com/moodle/moodle/commit/1964d68f8500ea3c7b776fa8a2af6266ed109f84
- https://github.com/moodle/moodle/commit/6d18f136ae88ec97e351a723df570816a959ec68
- https://bugzilla.redhat.com/show_bug.cgi?id=2043664
- https://moodle.org/mod/forum/discuss.php?d=431102
Пакеты
moodle/moodle
>= 3.11, < 3.11.5
3.11.5
moodle/moodle
>= 3.10, < 3.10.8
3.10.8
moodle/moodle
< 3.9.11
3.9.11
Связанные уязвимости
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...