MSA-22-0026: No groups filtering in H5P activity attempts report
|
System information
|
|
|
Affected software |
PHP |
Description
|
by Michael Hawkins. The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.Severity/Risk:MinorVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Jari Vilkman and Bjørn TeistungWorkaround:Access to this feature can be revoked by removing the
More info:
https://moodle.org/mod/forum/discuss.php?d=438395&parent=1764796 |
Standar resources
|
Property |
Value |
CVE |
CVE-2022-40316. |