Vulnerability Bulletins

MSA-23-0024: Private course participant data available from external grade report method

System information

Affected software PHP


by Michael Hawkins. Insufficient capability checks resulted in course participant data being available to other participants in the course who would not otherwise have access to the information.Severity/Risk:MinorVersions affected:4.2 to 4.2.1Versions fixed:4.2.2Reported by:Paul HoldenCVE identifier:CVE-2023-40321Changes (master): issue:MDL-78871 Private course participant data available from

More info:

Standar resources

Property Value
CVE CVE-2023-40321.

Version history

Version Comments Date
1.0 Advisory issued 2023-08-22
Ministerio de Defensa