CVE-2022-0984

MEDIUM

Moodle 3.9.0-3.9.12 and 3.11.0-3.11.5 - Incorrect Authorization in Badge Criteria Configuration

Title source: llm

Description

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

References (1)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2064118

Scores

CVSS v3 4.3
EPSS 0.0019
EPSS Percentile 39.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-863
Status published
Products (6)
fedoraproject/fedora 34
fedoraproject/fedora 35
fedoraproject/fedora 36
moodle/moodle 3.11.0 - 3.11.6 (Packagist)
moodle/moodle 3.9.0 - 3.9.13
redhat/enterprise_linux 7.0
Published Apr 29, 2022
Tracked Since Feb 18, 2026