CVE-2022-30598
https://notcve.org/view.php?id=CVE-2022-30598
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Se ha detectado un fallo en moodle por el que los resultados de la búsqueda global podrían incluir información sobre el autor de algunas actividades a las que un usuario no tendría acceso • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623 https://bugzilla.redhat.com/show_bug.cgi?id=2083592 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5 https://moodle.org/mod/foru • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-30597
https://notcve.org/view.php?id=CVE-2022-30597
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Se detectó un fallo en moodle por el que el campo de usuario descripción no era ocultado cuando era configurado como campo de usuario oculto • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74318 https://bugzilla.redhat.com/show_bug.cgi?id=2083585 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5 https://moodle.org/mod/foru • CWE-472: External Control of Assumed-Immutable Web Parameter •
CVE-2022-30596
https://notcve.org/view.php?id=CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Se ha encontrado un fallo en moodle donde los números de identificación mostrados cuando son asignan marcadores de forma masiva a las asignaciones requerían un saneo adicional para prevenir un riesgo de ataque de tipo XSS almacenado • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204 https://bugzilla.redhat.com/show_bug.cgi?id=2083583 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5 https://moodle.org/mod/foru • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •