Vulnerability Bulletins

MSA-22-0026: No groups filtering in H5P activity attempts report


System information

   
Affected software PHP

Description

by Michael Hawkins. The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.Severity/Risk:MinorVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Jari Vilkman and Bjørn TeistungWorkaround:Access to this feature can be revoked by removing the

More info:

https://moodle.org/mod/forum/discuss.php?d=438395&parent=1764796

Standar resources

Property Value
CVE CVE-2022-40316.

Version history

Version Comments Date
1.0 Advisory issued 2022-09-20
Ministerio de Defensa
CNI
CCN
CCN-CERT