Description

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

Remediation

References

CVE-2022-0984

Related Vulnerabilities

WordPress Plugin WordPress Clean Up & Optimizer-Clean Up Optimizer Multiple Unspecified Vulnerabilities (4.0.12)

Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-23969)

PostgreSQL Other Vulnerability (CVE-2003-0901)

WordPress Plugin lasTunes Cross-Site Scripting (3.6.1)

WordPress Plugin s2Member Pro 'Coupon Code' Field HTML Injection (111216)

Severity

Medium

Classification

CVE-2022-0984 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities