CVE-2022-0334

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2043664	Issue Tracking Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=431102	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2043664	Issue Tracking Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=431102	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

21 Nov 2024, 06:38

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2043664 - Issue Tracking, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2043664 - Issue Tracking, Third Party Advisory
References	~~() https://moodle.org/mod/forum/discuss.php?d=431102 - Patch, Vendor Advisory~~	() https://moodle.org/mod/forum/discuss.php?d=431102 - Patch, Vendor Advisory

Information

Published : 2022-01-25 20:15

Updated : 2024-11-21 06:38

NVD link : CVE-2022-0334

Mitre link : CVE-2022-0334

CVE.ORG link : CVE-2022-0334

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-863

Incorrect Authorization

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2022-0334", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-01-25T20:15:08.850", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043664", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=431102", "tags": ["Patch", "Vendor Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043664", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=431102", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Moodle versiones 3.11 hasta 3.11.4, versiones 3.10 hasta 3.10.8, versiones 3.9 hasta 3.9.11 y versiones anteriores no soportadas. Una comprobaci\u00f3n insuficiente de las capacidades pod\u00eda conllevar a que usuarios accedieran a su informe de calificaciones para cursos en los que no ten\u00edan la capacidad gradereport/user:view requerida"}], "lastModified": "2024-11-21T06:38:24.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFF97774-FD86-4BE1-8DFF-59F258DEA373", "versionEndIncluding": "3.8.9"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E187FFF-97DB-431B-8091-688365F64E5C", "versionEndIncluding": "3.9.11", "versionStartIncluding": "3.9.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E98FAEBB-D02A-4FFC-A1D4-5D802DDF93CA", "versionEndExcluding": "3.10.9", "versionStartIncluding": "3.10.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34662C74-C275-45EE-B237-C5756ADB164B", "versionEndExcluding": "3.11.5", "versionStartIncluding": "3.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}