First published: Fri Aug 05 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | >=3.5.0<3.5.11 | |
Moodle Moodle | >=3.6.0<3.6.9 | |
Moodle Moodle | >=3.7.0<3.7.5 | |
Moodle Moodle | =3.8.0 | |
Moodle Moodle | =3.8.1 | |
The severity of CVE-2020-1754 is medium with a severity value of 4.3.
Moodle 3.5.x before 3.5.11, 3.6.x before 3.6.9, 3.7.x before 3.7.5, and 3.8.0 and 3.8.1 are affected by CVE-2020-1754.
CVE-2020-1754 allows users without the 'access all groups' capability to view grade history reports of users outside their own groups.
To fix CVE-2020-1754, update your Moodle installation to version 3.8.2, 3.7.5, 3.6.9, or 3.5.11.
More information about CVE-2020-1754 can be found at the following link: https://moodle.org/mod/forum/discuss.php?d=398350