Description
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
Remediation
References
Related Vulnerabilities
Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-3814)
Oracle JRE CVE-2020-2773 Vulnerability (CVE-2020-2773)
MySQL CVE-2018-3061 Vulnerability (CVE-2018-3061)
WordPress Plugin wordpress vertical image slider Multiple Vulnerabilities (1.0)
Roundcube Improper Privilege Management Vulnerability (CVE-2017-8114)