Description

Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.

Remediation

References

CVE-2022-0985

Related Vulnerabilities

Apache HTTP Server CVE-2024-40725 Vulnerability (CVE-2024-40725)

WordPress Plugin Clone Cross-Site Scripting (2.1.1)

MySQL CVE-2019-2607 Vulnerability (CVE-2019-2607)

WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Cross-Site Scripting (6.20.2)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6332)

Severity

Medium

Classification

CVE-2022-0985 CWE-287 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities