CVE-2020-1754
MEDIUMMoodle <3.8.2, <3.7.5, <3.6.9, <3.5.11 - Info Disclosure
Title source: llmDescription
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
References (1)
Core 1
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_misc
https://moodle.org/mod/forum/discuss.php?d=398350
Scores
CVSS v3
4.3
EPSS
0.0020
EPSS Percentile
41.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-284
CWE-732
Status
published
Products (3)
moodle/moodle
3.8.0
moodle/moodle
3.8.1
moodle/moodle
3.5.0 - 3.5.11
Published
Aug 05, 2022
Tracked Since
Feb 18, 2026