Description
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4569)
Jenkins Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3666)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1102)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.5)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-5624)