Description
The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Access Manager Unspecified Vulnerability (5.9.8.1)
WordPress Plugin Software License Manager Cross-Site Request Forgery (4.4.5)
WordPress Plugin PhotoSmash Galleries 'action' Parameter Cross-Site Scripting (1.0.2)
WordPress Plugin Calendar Multiple Cross-Site Scripting Vulnerabilities (1.2.1)