GHSA-v2rh-5v88-rgvh

Suggest an improvement
Source
https://github.com/advisories/GHSA-v2rh-5v88-rgvh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v2rh-5v88-rgvh/GHSA-v2rh-5v88-rgvh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v2rh-5v88-rgvh
Aliases
Published
2022-05-13T01:22:28Z
Modified
2024-02-16T08:07:18.041712Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Moodle context freezing
Details

A vulnerability was found in moodle before version 3.6.3. The getwithcapabilityjoin and getusersbycapability functions were not taking context freezing into account when checking user capabilities

References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.6
Fixed
3.6.3

Affected versions

v3.*

v3.6.0-beta
v3.6.0-rc1
v3.6.0-rc2
v3.6.0-rc3
v3.6.0
v3.6.1
v3.6.2