{"id":"GHSA-6q9g-3vfq-q2qj","summary":"Improper Authentication in moodle","details":"Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.","aliases":["BIT-moodle-2022-0985","CVE-2022-0985"],"modified":"2023-12-06T00:46:48.221425Z","published":"2022-04-30T00:00:36Z","database_specific":{"severity":"MODERATE","github_reviewed_at":"2022-05-24T22:20:25Z","github_reviewed":true,"cwe_ids":["CWE-287","CWE-863"],"nvd_published_at":"2022-04-29T16:15:00Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0985"},{"type":"WEB","url":"https://github.com/moodle/moodle/commit/addd4f894d8173ec8ff0ae2212d51a1977e7bcad"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064117"},{"type":"PACKAGE","url":"https://github.com/moodle/moodle"}],"affected":[{"package":{"name":"moodle/moodle","ecosystem":"Packagist","purl":"pkg:composer/moodle/moodle"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.11.0"},{"fixed":"3.11.6"}]}],"versions":["v3.11.0","v3.11.1","v3.11.2","v3.11.3","v3.11.4","v3.11.5"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-6q9g-3vfq-q2qj/GHSA-6q9g-3vfq-q2qj.json"}},{"package":{"name":"moodle/moodle","ecosystem":"Packagist","purl":"pkg:composer/moodle/moodle"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.10.0"},{"fixed":"3.10.10"}]}],"versions":["v3.10.0","v3.10.1","v3.10.2","v3.10.3","v3.10.4","v3.10.5","v3.10.6","v3.10.7","v3.10.8","v3.10.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-6q9g-3vfq-q2qj/GHSA-6q9g-3vfq-q2qj.json"}},{"package":{"name":"moodle/moodle","ecosystem":"Packagist","purl":"pkg:composer/moodle/moodle"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.9"},{"fixed":"3.9.13"}]}],"versions":["v3.9.0","v3.9.0-beta","v3.9.0-rc1","v3.9.0-rc2","v3.9.0-rc3","v3.9.1","v3.9.10","v3.9.11","v3.9.12","v3.9.2","v3.9.3","v3.9.4","v3.9.5","v3.9.6","v3.9.7","v3.9.8","v3.9.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-6q9g-3vfq-q2qj/GHSA-6q9g-3vfq-q2qj.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}