Description

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.

Remediation

References

CVE-2022-0334

Related Vulnerabilities

WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Cross-Site Scripting (19.9.6)

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-39119)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4208)

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-16220)

Joomla CVE-2009-3945 Vulnerability (CVE-2009-3945)

Severity

Medium

Classification

CVE-2022-0334 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities