Description
course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Analytics Top Content Widget Cross-Site Scripting (1.5.6)
WordPress Plugin Product Catalog SQL Injection (3.1.2)
Atlassian Jira Insufficient Session Expiration Vulnerability (CVE-2021-39113)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-23498)