Description
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.
Remediation
References
Related Vulnerabilities
WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)
WordPress Plugin Easy Digital Downloads QR Code Cross-Site Scripting (1.1.0)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000395)
WebLogic CVE-2021-2064 Vulnerability (CVE-2021-2064)
WordPress Plugin OMFG Mobile Pro Cross-Site Scripting (1.1.26)