Description

Insufficient capability checks made it possible for teachers to download users outside of their courses.

Remediation

References

CVE-2021-40692

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-2011-5279)

MySQL CVE-2019-2802 Vulnerability (CVE-2019-2802)

Apache Traffic Server CVE-2024-35296 Vulnerability (CVE-2024-35296)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.19)

WordPress Plugin LiveSig 'wp-root' Parameter Remote File Include (0.4)

Severity

Medium

Classification

CVE-2021-40692 CWE-863 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities