vulnerability
Moodle: Incorrect Permission Assignment for Critical Resource (CVE-2020-1754)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Aug 5, 2022 | Aug 8, 2022 | Jan 30, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Aug 5, 2022
Added
Aug 8, 2022
Modified
Jan 30, 2025
Description
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
Solutions
moodle-upgrade-3_5_11moodle-upgrade-3_6_9moodle-upgrade-3_7_5
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.