CVE-2022-40208: Moodle may allow students to bypass sequential navigation during a quiz attempt

March 24, 2023 (updated March 30, 2023)

In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.

References

git.moodle.org/gw?p=moodle.git;a=commitdiff;h=025e0297b65e6a8bd61efad0fdf36168c613f918
github.com/advisories/GHSA-948f-j464-rfj2
github.com/moodle/moodle/commit/025e0297b65e6a8bd61efad0fdf36168c613f918
moodle.org/mod/forum/discuss.php?d=438761
nvd.nist.gov/vuln/detail/CVE-2022-40208

Code Behaviors & Features

Detect and mitigate CVE-2022-40208 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →