Boletines de Vulnerabilidades

MSA-20-0002: Grade history report does not respect Separate groups mode in the course settings

Información sobre el sistema
   
Software afectado PHP

Descripción
von Michael Hawkins. Users viewing the grade history report without the access all groups capability were not restricted to viewing grades of users within their own groups.Severity/Risk:MinorVersions affected:3.8 to 3.8.1, 3.7 to 3.7.4, 3.6 to 3.6.8, 3.5 to 3.5.10 and earlier unsupported versionsVersions fixed:3.8.2, 3.7.5, 3.6.9 and 3.5.11Reported by:Tim HuntCVE identifier:CVE-2020-1754Changes

More info:

https://moodle.org/mod/forum/discuss.php?d=398350&parent=1606854

Identificadores estándar
Propiedad Valor
CVE CVE-2020-1754.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2020-03-31

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT