Description

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.

Remediation

References

CVE-2022-0984

Related Vulnerabilities

PostgreSQL CVE-2009-3229 Vulnerability (CVE-2009-3229)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9681)

SharePoint Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2816)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.6.0)

Drupal CVE-2014-9016 Vulnerability (CVE-2014-9016)

Severity

Medium

Classification

CVE-2022-0984 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities