A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment.
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10189.json"