Description

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.

Remediation

References

CVE-2020-1754

Related Vulnerabilities

XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36099)

Oracle Database Server CVE-2021-2332 Vulnerability (CVE-2021-2332)

MySQL CVE-2016-0653 Vulnerability (CVE-2016-0653)

WordPress Plugin WP eCommerce Multiple Vulnerabilities (3.8.9.5)

WordPress Plugin WooCommerce Export Orders and More Cross-Site Scripting (2.0.10)

Severity

Medium

Classification

CVE-2020-1754 CWE-732 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities