CVE-2022-0334

MEDIUM

Moodle <3.11.4-3.10.8-3.9.11 - Info Disclosure

Title source: llm

Description

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.

References (2)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2043664

[Patch, Vendor Advisory] https://moodle.org/mod/forum/discuss.php?d=431102

Scores

CVSS v3 4.3

EPSS 0.0015

EPSS Percentile 35.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-668 CWE-863

Status published

Affected Products (2)

moodle/moodle < 3.8.9

moodle/moodle < 3.11.5Packagist

Timeline

Published Jan 25, 2022

Tracked Since Feb 18, 2026