CVE-2024-25980

medium

Description

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.

References

https://moodle.org/mod/forum/discuss.php?d=455636

https://lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/

https://bugzilla.redhat.com/show_bug.cgi?id=2264096

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501

Details

Source: Mitre, NVD

Published: 2024-02-19

Updated: 2025-01-23

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N