GHSA-6q9g-3vfq-q2qj

Suggest an improvement
Source
https://github.com/advisories/GHSA-6q9g-3vfq-q2qj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-6q9g-3vfq-q2qj/GHSA-6q9g-3vfq-q2qj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-6q9g-3vfq-q2qj
Aliases
Published
2022-04-30T00:00:36Z
Modified
2023-12-06T00:46:48.221425Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Improper Authentication in moodle
Details

Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.

Database specific
{
    "nvd_published_at": "2022-04-29T16:15:00Z",
    "cwe_ids": [
        "CWE-287",
        "CWE-863"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-24T22:20:25Z"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.11.0
Fixed
3.11.6

Affected versions

v3.*

v3.11.0
v3.11.1
v3.11.2
v3.11.3
v3.11.4
v3.11.5

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.10.0
Fixed
3.10.10

Affected versions

v3.*

v3.10.0
v3.10.1
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.10.6
v3.10.7
v3.10.8
v3.10.9

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.9
Fixed
3.9.13

Affected versions

v3.*

v3.9.0-beta
v3.9.0-rc1
v3.9.0-rc2
v3.9.0-rc3
v3.9.0
v3.9.1
v3.9.2
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9
v3.9.10
v3.9.11
v3.9.12