What the vulnerability does

01Description

Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.

Key dates

02Disclosure timeline

April 29, 2022 CVE published
August 2, 2024 Record updated