CVE-2022-0334

{"id": "CVE-2022-0334", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2022-01-25T20:15:08.850", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043664", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://moodle.org/mod/forum/discuss.php?d=431102", "tags": ["Patch", "Vendor Advisory"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}, {"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Moodle versiones 3.11 hasta 3.11.4, versiones 3.10 hasta 3.10.8, versiones 3.9 hasta 3.9.11 y versiones anteriores no soportadas. Una comprobaci\u00f3n insuficiente de las capacidades pod\u00eda conllevar a que usuarios accedieran a su informe de calificaciones para cursos en los que no ten\u00edan la capacidad gradereport/user:view requerida"}], "lastModified": "2022-12-21T15:01:19.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFF97774-FD86-4BE1-8DFF-59F258DEA373", "versionEndIncluding": "3.8.9"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E187FFF-97DB-431B-8091-688365F64E5C", "versionEndIncluding": "3.9.11", "versionStartIncluding": "3.9.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E98FAEBB-D02A-4FFC-A1D4-5D802DDF93CA", "versionEndExcluding": "3.10.9", "versionStartIncluding": "3.10.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34662C74-C275-45EE-B237-C5756ADB164B", "versionEndExcluding": "3.11.5", "versionStartIncluding": "3.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}