vulnerability

Moodle: Missing Authorization (CVE-2022-40316)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Sep 30, 2022	Oct 6, 2022	Jan 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Sep 30, 2022

Added

Oct 6, 2022

Modified

Jan 28, 2025

Description

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

Solutions

moodle-upgrade-3_11_10moodle-upgrade-3_9_17moodle-upgrade-4_0_4

References

CVE-2022-40316
https://attackerkb.com/topics/CVE-2022-40316
URL-https://bugzilla.redhat.com/show_bug.cgi?id=2128151
URL-https://moodle.org/mod/forum/discuss.php?d=438395

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today