Capability Bypass

Moodle is vulnerable to capability bypass. Authenticated attackers can bypass the mod/lti:view capability because it is only checked at a course level rather than the activity level...