CVE-2022-30597 — External Control of Assumed-Immutable Web Parameter in Moodle

Severity

5.3MEDIUMNVD

EPSS

0.5%

top 35.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 18

Latest updateMay 19

Description

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

▶NVDmoodle/moodle3.9 — 3.9.14+3

▶Packagistmoodle/moodle4.0 — 4.0.1+3

▶CVEListV5moodle/moodleAffects : 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions

Also affects: Fedora 34, 35, 36, Enterprise Linux 8.0

GHSA

External Control of Assumed-Immutable Web Parameter in moodle↗2022-05-19

▶

OSV

External Control of Assumed-Immutable Web Parameter in moodle↗2022-05-19

▶

OSV

CVE-2022-30597: A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field↗2022-05-18

▶

CVEList

CVE-2022-30597: A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field↗2022-05-18

▶