Vulnerability Description
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | >= 3.9.0, < 3.9.13 |
| Fedoraproject | Fedora | 35 |
| Fedoraproject | Extra Packages For Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2064119 (Issue Tracking, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2022-0983?
CVE-2022-0983 is a vulnerability with a CVSS score of 8.8 (HIGH). An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
How severe is CVE-2022-0983?
CVE-2022-0983 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-0983?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Fedoraproject Fedora, Fedoraproject Extra Packages For Enterprise Linux.