CVE-2022-30599

Description

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.

How to fix CVE-2022-30599

To remediate CVE-2022-30599, upgrade the affected package to a fixed version below.

• Bitnami/moodle—upgrade to 3.9.14 or later
• Packagist/moodle/moodle—upgrade to 4.0.1 or later

Is CVE-2022-30599 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• >= 3.9.0, < 3.9.14, >= 3.10.0, < 3.10.11, >= 3.11.0, < 3.11.7, >= 4.0.0, < 4.0.1
• >= 4.0, < 4.0.1

CVSS scores

References (12)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-30599
• PATCHgithub.com/moodle/moodle
• WEBgit.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74333
• WEBbugzilla.redhat.com/show_bug.cgi?id=2083610