Description
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
Remediation
References
Related Vulnerabilities
WordPress Plugin Z-Vote 'zvote' Parameter SQL Injection (1.1)
Joomla CVE-2019-12764 Vulnerability (CVE-2019-12764)
MySQL CVE-2022-21604 Vulnerability (CVE-2022-21604)
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-4183)
ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-8143)