First published: Tue May 10 2022(Updated: )
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
Credit: patrick@puiterwijk.org patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | >=3.9<3.9.14 | |
Moodle Moodle | >=3.10<3.10.11 | |
Moodle Moodle | >=3.11<3.11.7 | |
Moodle Moodle | =4.0.0 | |
Redhat Enterprise Linux | =8.0 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
composer/moodle/moodle | >=3.9<3.9.14 | 3.9.14 |
composer/moodle/moodle | >=3.10<3.10.11 | 3.10.11 |
composer/moodle/moodle | >=3.11<3.11.7 | 3.11.7 |
composer/moodle/moodle | >=4.0<4.0.1 | 4.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-30598 is a vulnerability in Moodle that allows global search results to include author information on some activities where a user may not have access to it.
CVE-2022-30598 has a severity rating of 4.3, which is considered medium.
Moodle versions 3.9 to 3.9.14, 3.10 to 3.10.11, 3.11 to 3.11.7, and 4.0 to 4.0.1 are affected by CVE-2022-30598.
To fix CVE-2022-30598, upgrade your Moodle installation to version 3.9.14, 3.10.11, 3.11.7, or 4.0.1, depending on the version you are using.
You can find more information about CVE-2022-30598 at the following references: - [NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-30598) - [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2083592) - [Moodle Forum](https://moodle.org/mod/forum/discuss.php?d=434580)