CVE-2020-1754

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1754

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1754.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1754

Aliases

BIT-moodle-2020-1754

Downstream

UBUNTU-CVE-2020-1754

Published

2022-08-05T16:15:10Z

Modified

2025-02-19T03:11:39.141916Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.

References

https://moodle.org/mod/forum/discuss.php?d=398350

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

46574904afd39578fa4146bf1fc5c401ac680aa6

Fixed

d3f01844da98ac2c3f685e946219cf749a8aecab

Affected versions

v3.*

v3.5.0

v3.5.1

v3.5.10

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.6

v3.5.7

v3.5.8

v3.5.9