CVE-2020-1754

CVSS 4.3 MEDIUMEPSS 0.5%CWE-284

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

n/a · Moodle

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://moodle.org/mod/forum/discuss.php?d=398350