9.8

CVE-2022-30600

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoodleMoodle Version >= 3.9 < 3.9.14
MoodleMoodle Version >= 3.10 < 3.10.11
MoodleMoodle Version >= 3.11 < 3.11.7
MoodleMoodle Version4.0.0 Update-
RedhatEnterprise Linux Version8.0 SwEdition-
FedoraprojectFedora Version34
FedoraprojectFedora Version35
FedoraprojectFedora Version36
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.88% 0.909
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5/
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-73736
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2083613
Third Party Advisory
Issue Tracking
https://moodle.org/mod/forum/discuss.php?d=434582
Vendor Advisory