CVE-2022-0984

Incorrect Authorization in packagist/moodle/moodle

Identifiers

CVE-2022-0984

Package Slug

packagist/moodle/moodle

Vulnerability

Incorrect Authorization

Description

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

Affected Versions

All versions starting from 3.9.0 before 3.9.13, all versions starting from 3.10.0 before 3.10.10, all versions starting from 3.11.0 before 3.11.6

Solution

Upgrade to versions 3.9.13, 3.10.10, 3.11.6 or above.

Last Modified

2022-05-12

source