Description
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Remediation
References
Related Vulnerabilities
WordPress Plugin Autoptimize Cross-Site Scripting (3.1.0)
XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-29208)
Drupal Improper Input Validation Vulnerability (CVE-2022-25273)
TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3714)
WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)