GHSA-332g-xh34-5c96

Suggest an improvement
Source
https://github.com/advisories/GHSA-332g-xh34-5c96
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-332g-xh34-5c96/GHSA-332g-xh34-5c96.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-332g-xh34-5c96
Aliases
Published
2022-05-14T03:46:14Z
Modified
2024-04-24T00:11:48.687172Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Moodle Privilege escalation in quiz web services
Details

In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.

Database specific
{
    "nvd_published_at": "2018-01-22T08:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T23:42:08Z"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1
Fixed
3.1.10

Affected versions

v3.*

v3.1.0-beta
v3.1.0-rc1
v3.1.0-rc2
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.2
Fixed
3.2.7

Affected versions

v3.*

v3.2.0-beta
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.2.0-rc5
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.3
Fixed
3.3.4

Affected versions

v3.*

v3.3.0-beta
v3.3.0-rc1
v3.3.0-rc2
v3.3.0-rc3
v3.3.0
v3.3.1
v3.3.2
v3.3.3

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.4
Fixed
3.4.1

Affected versions

v3.*

v3.4.0-beta
v3.4.0-rc1
v3.4.0-rc2
v3.4.0-rc3
v3.4.0