Description

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.

Remediation

References

CVE-2020-1754

Related Vulnerabilities

WebLogic CVE-2022-21259 Vulnerability (CVE-2022-21259)

WordPress Plugin Timesheet by BestWebSoft Cross-Site Scripting (0.1.4)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-9937)

WordPress Plugin WP Google Maps Cross-Site Scripting (7.11.34)

WordPress Plugin WordPress Clean Up & Optimizer-Clean Up Optimizer SQL Injection (3.0.13)

Severity

Medium

Classification

CVE-2020-1754 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities