Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-cr63-89au-4be2
Vulnerability ID VCID-cr63-89au-4be2
Aliases CVE-2022-40316
GHSA-385f-vgq7-8hhx
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-668 Exposure of Resource to Wrong Sphere
CWE-862 Missing Authorization
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00157 https://api.first.org/data/v1/epss?cve=CVE-2022-40316
cvssv3.1 4.3 https://bugzilla.redhat.com/show_bug.cgi?id=2128151
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2128151
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2128151
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-385f-vgq7-8hhx
cvssv3.1 4.3 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 4.3 https://moodle.org/mod/forum/discuss.php?d=438395
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=438395
ssvc Track https://moodle.org/mod/forum/discuss.php?d=438395
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-40316
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-40316
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-40316
https://bugzilla.redhat.com/show_bug.cgi?id=2128151
https://github.com/moodle/moodle
https://moodle.org/mod/forum/discuss.php?d=438395
CVE-2022-40316 https://nvd.nist.gov/vuln/detail/CVE-2022-40316
GHSA-385f-vgq7-8hhx https://github.com/advisories/GHSA-385f-vgq7-8hhx
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2128151
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:38:48Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2128151
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://moodle.org/mod/forum/discuss.php?d=438395
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T16:38:48Z/ Found at https://moodle.org/mod/forum/discuss.php?d=438395
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-40316
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.36257
EPSS Score 0.00157
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T22:20:20.656484+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0