CVE-2022-0983: SQL Injection
First published: Tue Mar 15 2022(Updated: )
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | >=3.9.0<3.9.13 | |
| Moodle Moodle | >=3.10.0<3.10.10 | |
| Moodle Moodle | >=3.11.0<3.11.6 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Extra Packages For Enterprise Linux | =7.0 | |
| redhat/moodle | <3.11.6 | 3.11.6 |
| redhat/moodle | <3.10.10 | 3.10.10 |
| redhat/moodle | <3.9.13 | 3.9.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2064119
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y/
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74074
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2064124
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2064126
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y/
Frequently Asked Questions
What is CVE-2022-0983?
CVE-2022-0983 is an SQL injection vulnerability in the Badges code of Moodle.
Who is affected by CVE-2022-0983?
Users of Moodle versions 3.9.0 to 3.9.13, 3.10.0 to 3.10.10, and 3.11.0 to 3.11.6 are affected. Fedora versions 35 and 36, and Fedora Extra Packages for Enterprise Linux 7.0 are also affected.
What is the severity of CVE-2022-0983?
The severity of CVE-2022-0983 is rated as high, with a severity score of 8.8.
How can I fix CVE-2022-0983?
To fix CVE-2022-0983, users should upgrade to Moodle version 3.9.14, 3.10.11, or 3.11.7. Fedora users should update to the latest available package updates.
Where can I find more information about CVE-2022-0983?
More information about CVE-2022-0983 can be found at the following references: [Bugzilla Red Hat](https://bugzilla.redhat.com/show_bug.cgi?id=2064119), [Fedora Security](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4GRMWBGHOJMFXMTORECQNULJK7ZJJ6Y/), [Moodle Git](http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74074).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-0983
- agent/software-canonical-lookup
- agent/tags
- agent/event
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/3.9.0
- version/moodle moodle/3.10.0
- version/moodle moodle/3.11.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- canonical/fedoraproject extra packages for enterprise linux
- version/fedoraproject extra packages for enterprise linux/7.0
- package-manager/redhat