Vulnerability Bulletins

MSA-24-0003: H5P attempts report did not respect activity group settings

System information

Affected software PHP


por Michael Hawkins. Separate Groups mode restrictions were not honoured in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.Severity/Risk:MinorVersions affected:4.3 to 4.3.2, 4.2 to 4.2.5, 4.1 to 4.1.8 and earlier unsupported versionsVersions fixed:4.3.3, 4.2.6 and 4.1.9Reported by:Leon StringerCVE identifier:CVE-2024-25980Changes

More info:

Standar resources

Property Value
CVE CVE-2024-25980.

Version history

Version Comments Date
Ministerio de Defensa