CVE-2022-0334
Insufficient user authorization in Moodle
CVSS 3.1: 4.3 (MEDIUM)
EPSS 0.15%
Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
How to fix CVE-2022-0334
To remediate CVE-2022-0334, upgrade the affected package to a fixed version below.
- Upgrade to 3.8.10 or later
- Upgrade to 3.11.5 or later
Is CVE-2022-0334 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.8.10; >= 3.9.0, < 3.9.12; >= 3.10.0, < 3.10.9; >= 3.11.0, < 3.11.5
- >= 3.11, < 3.11.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |