Description
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2005-3453)
TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-31046)
WordPress Plugin oQey Gallery 'tbpv_domain' Parameter Cross-Site Scripting (0.2)
WordPress Plugin WordPress Gallery MaxGalleria Unspecified Vulnerability (6.0.8)