vuln-list-alt/oval/p11/ALT-PU-2022-1064/definitions.json

{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20221064",
      "Version": "oval:org.altlinux.errata:def:20221064",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2022-1064: package `moodle` update to version 3.11.5-alt1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch p11"
            ],
            "Products": [
              "ALT Container"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2022-1064",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2022-1064",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2022-0332",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0332",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2022-0333",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0333",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2022-0334",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0334",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2022-0335",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-0335",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades moodle to version 3.11.5-alt1. \nSecurity Fix(es):\n\n * CVE-2022-0332: A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.\n\n * CVE-2022-0333: A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.\n\n * CVE-2022-0334: A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.\n\n * CVE-2022-0335: A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The \"delete badge alignment\" functionality did not include the necessary token check to prevent a CSRF risk.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Critical",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2022-01-17"
          },
          "Updated": {
            "Date": "2022-01-17"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2022-0332",
              "CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "CWE": "CWE-89",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0332",
              "Impact": "Critical",
              "Public": "20220125"
            },
            {
              "ID": "CVE-2022-0333",
              "CVSS": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
              "CWE": "CWE-863",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0333",
              "Impact": "Low",
              "Public": "20220125"
            },
            {
              "ID": "CVE-2022-0334",
              "CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "CWE": "CWE-668",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0334",
              "Impact": "Low",
              "Public": "20220125"
            },
            {
              "ID": "CVE-2022-0335",
              "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "CWE": "CWE-352",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-0335",
              "Impact": "High",
              "Public": "20220125"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:container:11"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:3001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221064001",
                "Comment": "moodle is earlier than 0:3.11.5-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221064002",
                "Comment": "moodle-apache2 is earlier than 0:3.11.5-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221064003",
                "Comment": "moodle-base is earlier than 0:3.11.5-alt1"
              },
              {
                "TestRef": "oval:org.altlinux.errata:tst:20221064004",
                "Comment": "moodle-local-mysql is earlier than 0:3.11.5-alt1"
              }
            ]
          }
        ]
      }
    }
  ]
}