Description

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.

Remediation

References

CVE-2020-1754

Related Vulnerabilities

WordPress Plugin Meteor Slides Cross-Site Scripting (1.5.6)

Apache Tomcat Other Vulnerability (CVE-2005-4703)

PHP Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2018-19518)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Open Redirect (1.85)

phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-10188)

Severity

Medium

Classification

CVE-2020-1754 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities