CVE-2022-30598: 
PHP vulnerability analysis and mitigation

CVE-2022-30598 is a security vulnerability discovered in Moodle, a Course Management System, where global search results could expose author information for certain activities even when users should not have access to this information. The vulnerability was disclosed on May 17, 2022, affecting Moodle versions 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13, and earlier unsupported versions (Moodle Forum).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires low attack complexity and can be exploited remotely with low privileges, potentially leading to unauthorized information disclosure (NVD).

The primary impact of this vulnerability is the potential exposure of author information through global search results in cases where such information should be restricted. This could lead to unauthorized access to user data, compromising the privacy and confidentiality of content authors within the Moodle platform (Red Hat Bugzilla).

The vulnerability has been fixed in Moodle versions 4.0.1, 3.11.7, 3.10.11, and 3.9.14. Users are advised to upgrade to these or later versions to mitigate the security risk (Moodle Forum).