MSA-22-0006: Users with moodle/site:uploadusers but without moodle/user:delete could delete users
|
Información sobre el sistema
|
|
|
Software afectado |
PHP |
Descripción
|
di Michael Hawkins. Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.Severity/Risk:MinorVersions affected:3.11 to 3.11.5, 3.10 to 3.10.9, 3.9 to 3.9.12 and earlier unsupported versionsVersions fixed:3.11.6, 3.10.10 and 3.9.13Reported by:Chris PrattWorkaround:Remove the moodle/site:uploadusers capability from users who do not also have the moodle/user:delete capability, until
More info:
https://moodle.org/mod/forum/discuss.php?d=432948&parent=1742074 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2022-0985. |