Description

lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.

Remediation

References

CVE-2014-7831

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1161)

WordPress Plugin Abandoned Cart Recovery for WooCommerce Cross-Site Request Forgery (1.0.4)

XOOPS Other Vulnerability (CVE-2005-2112)

Oracle Database Server CVE-2008-0342 Vulnerability (CVE-2008-0342)

MySQL CVE-2015-4895 Vulnerability (CVE-2015-4895)

Severity

Medium

Classification

CVE-2014-7831 CWE-200

Tags

Missing Update Known Vulnerabilities