Description

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

Remediation

References

CVE-2022-40316

Related Vulnerabilities

WordPress Plugin Xhanch-My Twitter Cross-Site Request Forgery (2.7.6)

WordPress Plugin Slick Popup:Contact Form 7 Popup Privilege Escalation (1.7.1)

Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130)

WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8)

WordPress Plugin Print My Blog-Print, PDF, & eBook Converter Cross-Site Request Forgery (3.4.1)

Severity

Medium

Classification

CVE-2022-40316 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities