Description
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
Remediation
References
Related Vulnerabilities
Sqlite Use After Free Vulnerability (CVE-2020-13871)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2202)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1099)
Internet Information Services Other Vulnerability (CVE-2000-1104)