Description

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.

Remediation

References

CVE-2020-1754

Related Vulnerabilities

Jetty Other Vulnerability (CVE-2020-27216)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-40599)

WordPress Plugin WPBook Cross-Site Request Forgery (2.7)

WordPress Plugin LOGIN AND REGISTRATION ATTEMPTS LIMIT Cross-Site Request Forgery (2.1)

OpenSSL Improper Access Control Vulnerability (CVE-2016-7054)

Severity

Medium

Classification

CVE-2020-1754 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities