CVE-2022-0985

Improper Authentication in packagist/moodle/moodle

Identifiers

CVE-2022-0985

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Authentication

Description

Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.

Affected Versions

All versions before 3.9.13, all versions starting from 3.10.0 before 3.10.10, all versions starting from 3.11.0 before 3.11.6

Solution

Upgrade to versions 3.9.13, 3.10.10, 3.11.6 or above.

Last Modified

2022-05-13

source