moodle is vulnerable to Information Disclosure. The vulnerability exists due to a lack of validation in the grade report history feature located in tablelog.php
, allowing an attacker with the teacher role to access users they aren’t authorized to view.
github.com/advisories/GHSA-prjm-2fj2-787f
github.com/moodle/moodle/commit/01fc1047790cf561ce21fd3b14a3e47181eca361
github.com/moodle/moodle/commit/1632e5917985a2572757af6de8c9270b8c439fe8
github.com/moodle/moodle/commit/1bb6bd73811db0f676ba591dd54b890e367354bd
github.com/moodle/moodle/commit/882b9d67f5a851bcc16424551fca499e824f59ae
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
lists.fedoraproject.org/archives/list/[email protected]/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
moodle.org/mod/forum/discuss.php?d=445068