CVE-2022-40316 moodle/moodle

Package

Manager: composer
Name: moodle/moodle
Vulnerable Version: >=3.9 <3.9.17 || >=3.11 <3.11.10 || >=4.0 <4.0.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00196 (percentile: 0.41749)

Details

Moodle No groups filtering in H5P activity attempts report

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

Metadata

Created: 2022-10-01T00:00:20Z
Modified: 2024-04-23T23:43:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-385f-vgq7-8hhx/GHSA-385f-vgq7-8hhx.json
CWE IDs: ["CWE-668", "CWE-862"]
Alternative ID: GHSA-385f-vgq7-8hhx
Finding: F039
Auto approve: 1