CVE-2022-0984
published 2022-04-29CVE-2022-0984: Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria…
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| moodle | moodle | — | — |
| moodle | moodle | >= 0 < 3.9.13 | 3.9.13 |
| moodle | moodle | >= 3.10.0 < 3.10.10 | 3.10.10 |
| moodle | moodle | >= 3.10.0 < 3.10.10 | 3.10.10 |
| moodle | moodle | >= 3.11.0 < 3.11.6 | 3.11.6 |
| moodle | moodle | >= 3.11.0 < 3.11.6 | 3.11.6 |
| moodle | moodle | >= 3.9.0 < 3.9.13 | 3.9.13 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
osv4.3MEDIUM
cisa8.8HIGH
GHSA
Missing authorization in Moodle
ghsa·2022-04-30
CVE-2022-0984 [MEDIUM] CWE-863 Missing authorization in Moodle
Missing authorization in Moodle
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
OSV
Missing authorization in Moodle
osv·2022-04-30
CVE-2022-0984 [MEDIUM] Missing authorization in Moodle
Missing authorization in Moodle
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
OSV
CVE-2022-0984: Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field crite
osv·2022-04-29·CVSS 4.3
CVE-2022-0984 [MEDIUM] CVE-2022-0984: Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field crite
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CISA
Adobe Flash Player and AIR Use-After-Free Vulnerability
cisa·2022-05-25·CVSS 8.8
CVE-2016-0984 [HIGH] CWE-416 Adobe Flash Player and AIR Use-After-Free Vulnerability
Vulnerability: Adobe Flash Player and AIR Use-After-Free Vulnerability
Affected: Adobe Flash Player and AIR
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
Required Action: The impacted products are end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-0984
Remediation Due Date: 2022-06-15
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-04-29
Published