Description
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
Remediation
References
Related Vulnerabilities
WordPress Plugin Velvet Blues Update URLs Unspecified Vulnerability (2.1)
MySQL CVE-2018-2586 Vulnerability (CVE-2018-2586)
Python Use After Free Vulnerability (CVE-2018-1000030)
Atlassian Confluence Improper Input Validation Vulnerability (CVE-2018-13389)
Atlassian Jira CVE-2019-20418 Vulnerability (CVE-2019-20418)