Moodle is vulnerable to access restriction bypass. The vulnerability exists because course/reset.php
checks an update capability instead of a reset capability, allowing authenticated users to bypass the access restriction through a reset operation.