Description
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
Remediation
References
Related Vulnerabilities
WordPress Plugin VikBooking Hotel Booking Engine & PMS Cross-Site Scripting (1.5.8)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5317)
Django Use of Hard-coded Credentials Vulnerability (CVE-2016-9013)
WordPress Plugin CYSTEME Finder, the admin files explorer Cross-Site Request Forgery (1.4)
Django Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-0472)