Description
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
Remediation
References
Related Vulnerabilities
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)
MySQL CVE-2014-6463 Vulnerability (CVE-2014-6463)
Atlassian Jira Other Vulnerability (CVE-2019-14997)
Apache Traffic Server CVE-2022-47184 Vulnerability (CVE-2022-47184)
Oracle Database Server CVE-2010-0903 Vulnerability (CVE-2010-0903)