MSA-22-0007: Possible to reach the profile field badge criteria on a course page
|
Información sobre el sistema
|
| |
|
|
Software afectado |
PHP |
Descripción
|
di Michael Hawkins. Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.Severity/Risk:MinorVersions affected:3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versionsVersions fixed:3.11.6, 3.10.10 and 3.9.13Reported by:Andrew LyonsWorkaround:Remove the moodle/badges:configurecriteria capability from users to prevent them
More info:
https://moodle.org/mod/forum/discuss.php?d=432949&parent=1742075 |
Identificadores estándar
|
|
Propiedad |
Valor |
|
CVE |
CVE-2022-0984. |
