Описание
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
Ссылки
- Issue TrackingPatchVendor Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.5.0 (включая) до 3.5.11 (исключая)Версия от 3.6.0 (включая) до 3.6.9 (исключая)Версия от 3.7.0 (включая) до 3.7.5 (исключая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:3.8.1:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00274
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-284
CWE-732
Связанные уязвимости
CVSS3: 4.3
ubuntu
почти 3 года назад
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
CVSS3: 4.3
debian
почти 3 года назад
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the gra ...
CVSS3: 4.3
github
почти 3 года назад
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
EPSS
Процентиль: 51%
0.00274
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-284
CWE-732