First published: Tue Mar 15 2022(Updated: )
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. Versions affected: 3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versions References: <a href="http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72972">http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72972</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | <3.9.13 | |
Moodle Moodle | >=3.10.0<3.10.10 | |
Moodle Moodle | >=3.11.0<3.11.6 | |
composer/moodle/moodle | <3.9.13 | 3.9.13 |
composer/moodle/moodle | >=3.10.0<3.10.10 | 3.10.10 |
composer/moodle/moodle | >=3.11.0<3.11.6 | 3.11.6 |
composer/moodle/moodle | >=3.9<3.9.13 | 3.9.13 |
redhat/moodle | <3.11.6 | 3.11.6 |
redhat/moodle | <3.10.10 | 3.10.10 |
redhat/moodle | <3.9.13 | 3.9.13 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.