Описание
Improper Access Control in moodle
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-25980
- https://github.com/moodle/moodle/commit/662192fcecdefdaae79f55db96bd64dbcdeef85b
- https://bugzilla.redhat.com/show_bug.cgi?id=2264096
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB
- https://moodle.org/mod/forum/discuss.php?d=455636
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501
Пакеты
moodle/moodle
>= 4.3.0, < 4.3.3
4.3.3
moodle/moodle
>= 4.2.0, < 4.2.6
4.2.6
moodle/moodle
< 4.1.9
4.1.9
Связанные уязвимости
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
Separate Groups mode restrictions were not honored in the H5P attempts ...