Description
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server CVE-2021-35666 Vulnerability (CVE-2021-35666)
WordPress Plugin Custom Search by BestWebSoft Cross-Site Scripting (1.35)
MySQL CVE-2019-3018 Vulnerability (CVE-2019-3018)
MySQL CVE-2012-0578 Vulnerability (CVE-2012-0578)
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2020-11067)