Description

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

Remediation

References

CVE-2022-40316

Related Vulnerabilities

IBM RTC Incorrect Authorization Vulnerability (CVE-2017-1700)

Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-3527)

WordPress Plugin Skysa App Bar Integration 'submit' Parameter Cross-Site Scripting (1.03)

WordPress 4.2.x Same Origin Method Execution (SOME) Vulnerability (4.2 - 4.2.7)

WordPress Plugin Frontend File Manager Arbitrary File Upload (3.9)

Severity

Medium

Classification

CVE-2022-40316 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities