Moodle is vulnerable to unauthorized outcome editing. This is possible because grade/edit/outcome/edit_form.php
does not properly enforce the moodle/grade:manage
capability of users when editing the outcome. Therefore, an authenticated user with the teacher role can set a custom outcome to a standard outcome when re-editing an outcome.