Description

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

Remediation

References

CVE-2022-40316

Related Vulnerabilities

Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-3814)

Oracle JRE CVE-2020-2773 Vulnerability (CVE-2020-2773)

MySQL CVE-2018-3061 Vulnerability (CVE-2018-3061)

WordPress Plugin wordpress vertical image slider Multiple Vulnerabilities (1.0)

Roundcube Improper Privilege Management Vulnerability (CVE-2017-8114)

Severity

Medium

Classification

CVE-2022-40316 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities