7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
69.3%
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | lt | 3.11.7 | |
moodle/moodle | lt | 3.10.11 | |
moodle/moodle | lt | 3.9.14 | |
moodle/moodle | lt | 4.0.1 |
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736
bugzilla.redhat.com/show_bug.cgi?id=2083613
github.com/advisories/GHSA-w37f-pvvx-wcwm
github.com/moodle/moodle/commit/59b5858da200f63ecb59a9113af2b99ef1496fe5
lists.fedoraproject.org/archives/list/[email protected]/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6/
lists.fedoraproject.org/archives/list/[email protected]/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ/
lists.fedoraproject.org/archives/list/[email protected]/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5/
moodle.org/mod/forum/discuss.php?d=434582
nvd.nist.gov/vuln/detail/CVE-2022-30600
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
69.3%