CVE-2022-30599
https://notcve.org/view.php?id=CVE-2022-30599
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Se encontró un fallo en moodle donde se identificó un riesgo de inyección SQL en el código de Badges relacionado con la configuración de criterios • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74333 https://bugzilla.redhat.com/show_bug.cgi?id=2083610 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5 https://moodle.org/mod/foru • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-30598
https://notcve.org/view.php?id=CVE-2022-30598
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Se ha detectado un fallo en moodle por el que los resultados de la búsqueda global podrían incluir información sobre el autor de algunas actividades a las que un usuario no tendría acceso • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71623 https://bugzilla.redhat.com/show_bug.cgi?id=2083592 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5 https://moodle.org/mod/foru • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-30597
https://notcve.org/view.php?id=CVE-2022-30597
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Se detectó un fallo en moodle por el que el campo de usuario descripción no era ocultado cuando era configurado como campo de usuario oculto • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74318 https://bugzilla.redhat.com/show_bug.cgi?id=2083585 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5 https://moodle.org/mod/foru • CWE-472: External Control of Assumed-Immutable Web Parameter •
CVE-2022-30596
https://notcve.org/view.php?id=CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Se ha encontrado un fallo en moodle donde los números de identificación mostrados cuando son asignan marcadores de forma masiva a las asignaciones requerían un saneo adicional para prevenir un riesgo de ataque de tipo XSS almacenado • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204 https://bugzilla.redhat.com/show_bug.cgi?id=2083583 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5 https://moodle.org/mod/foru • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-29162 – Incorrect Default Permissions in runc
https://notcve.org/view.php?id=CVE-2022-29162
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. • https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5 https://github.com/opencontainers/runc/releases/tag/v1.1.2 https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND • CWE-276: Incorrect Default Permissions •