Moodle Access Control Error Vulnerability (CNVD-2022-09259)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. an access control error vulnerability exists in Moodle, which stems from a network system or product that does not properly restrict access to resources from unauthorized roles. An authenticated, remote attacker could exploit the vulnerability to access grade reports for courses for which they do not have the required grade report/user: view capability.