Lucene search

[email protected]NVD:CVE-2022-0984

HistoryApr 29, 2022 - 5:15 p.m.

CVE-2022-0984

2022-04-2917:15:20

CWE-863

[email protected]

web.nvd.nist.gov

users badge criteria

configuration bypass

restrictions

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

Affected configurations

Nvd

Node

moodlemoodleRange3.9.0–3.9.13

moodlemoodleRange3.10.0–3.10.10

moodlemoodleRange3.11.0–3.11.6

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

Node

redhatenterprise_linuxMatch7.0

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
fedoraproject	fedora	36	cpe:2.3:o:fedoraproject:fedora:36:::::::*
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*