Описание
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
Ссылки
- Issue TrackingPatchVendor Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.5.0 (включая) до 3.5.11 (исключая)Версия от 3.6.0 (включая) до 3.6.9 (исключая)Версия от 3.7.0 (включая) до 3.7.5 (исключая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.1:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00198
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-284
CWE-732
Связанные уязвимости
CVSS3: 4.3
ubuntu
больше 3 лет назад
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
CVSS3: 4.3
debian
больше 3 лет назад
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the gra ...
CVSS3: 4.3
github
больше 3 лет назад
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
EPSS
Процентиль: 42%
0.00198
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-284
CWE-732