Boletines de Vulnerabilidades

MSA-22-0026: No groups filtering in H5P activity attempts report


Información sobre el sistema

   
Software afectado PHP

Descripción

by Michael Hawkins. The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.Severity/Risk:MinorVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Jari Vilkman and Bjørn TeistungWorkaround:Access to this feature can be revoked by removing the

More info:

https://moodle.org/mod/forum/discuss.php?d=438395&parent=1764796

Identificadores estándar

Propiedad Valor
CVE CVE-2022-40316.

Histórico de versiones

Versión Comentario Fecha
1.0 Advisory issued 2022-09-20

Miembros de

Ministerio de Defensa
CNI
CCN
CCN-CERT