CVE-2022-30600
published 2022-05-18CVE-2022-30600: A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | >= 3.10 < 3.10.11 | 3.10.11 |
| moodle | moodle | >= 3.10 < 3.10.11 | 3.10.11 |
| moodle | moodle | >= 3.11 < 3.11.7 | 3.11.7 |
| moodle | moodle | >= 3.11 < 3.11.7 | 3.11.7 |
| moodle | moodle | >= 3.9 < 3.9.14 | 3.9.14 |
| moodle | moodle | >= 3.9 < 3.9.14 | 3.9.14 |
| moodle | moodle | >= 4.0 < 4.0.1 | 4.0.1 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
GHSA
Incorrect Calculation in moodle
ghsa·2022-05-19
CVE-2022-30600 [CRITICAL] CWE-682 Incorrect Calculation in moodle
Incorrect Calculation in moodle
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
OSV
Incorrect Calculation in moodle
osv·2022-05-19
CVE-2022-30600 [CRITICAL] Incorrect Calculation in moodle
Incorrect Calculation in moodle
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
OSV
CVE-2022-30600: A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed
osv·2022-05-18·CVSS 9.8
CVE-2022-30600 [CRITICAL] CVE-2022-30600: A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736https://bugzilla.redhat.com/show_bug.cgi?id=2083613https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5/https://moodle.org/mod/forum/discuss.php?d=434582http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736https://bugzilla.redhat.com/show_bug.cgi?id=2083613https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5/https://moodle.org/mod/forum/discuss.php?d=434582
2022-05-18
Published