First published: Fri Jan 21 2022
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but managers should have been restricted from accessing user-level events.
Credit: patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | <=3.8.9 | |
Moodle Moodle | >=3.9.0<3.9.12 | |
Moodle Moodle | >=3.10.0<3.10.9 | |
Moodle Moodle | >=3.11.0<3.11.5 | |
composer/moodle/moodle | >=3.9<3.9.11 | 3.9.11 |
composer/moodle/moodle | >=3.10<3.10.8 | 3.10.8 |
composer/moodle/moodle | >=3.11<3.11.5 | 3.11.5 |
CVE-2022-0333 is a vulnerability in Moodle in which the calendar:manageentries capability allowed managers to access or modify any calendar event, when they should have been restricted from accessing user-level events.
Moodle versions 3.11 to 3.11.4, 3.10 to 3.10.8, and 3.9 to 3.9.11 are affected by CVE-2022-0333.
CVE-2022-0333 has a severity rating of 3.8, which is considered medium.
To fix CVE-2022-0333, you should update Moodle to versions 3.9.11, 3.10.8, or 3.11.5, depending on the version you are running.
You can find more information about CVE-2022-0333 in Moodle in the following references: [1] [2] [3].