CVE-2022-0984
packagist/moodle/moodle
Incorrect Authorization
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
All versions starting from 3.9.0 before 3.9.13, all versions starting from 3.10.0 before 3.10.10, all versions starting from 3.11.0 before 3.11.6
Upgrade to versions 3.9.13, 3.10.10, 3.11.6 or above.
2022-05-12
source |