Description

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.

Remediation

References

CVE-2020-1754

Related Vulnerabilities

WordPress Plugin Blogtopdf Local File Inclusion (1.0.2)

WordPress Plugin WP Mobile Detector Multiple Vulnerabilities (3.8)

WordPress Plugin WPS Hide Login Multiple Security Bypass Vulnerabilities (1.5.2.2)

MongoDb Improper Neutralization of Null Byte or NUL Character Vulnerability (CVE-2024-10921)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10969)

Severity

Medium

Classification

CVE-2020-1754 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities