CVE-2020-1754

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-1754

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1754.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-1754

Aliases

BIT-moodle-2020-1754

Downstream

UBUNTU-CVE-2020-1754

Published

2022-08-05T16:15:10.733Z

Modified

2026-02-11T12:17:44.147747Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

46574904afd39578fa4146bf1fc5c401ac680aa6

Fixed

d3f01844da98ac2c3f685e946219cf749a8aecab

Introduced

89457b26d192c06325bb6782b85d1025dafbefe9

Fixed

805361d871181480d6816b687a0e51bcca8c9795

Introduced

cb628a9a08933c2a9f1eae2f3be70ea5d343b419

Fixed

bed733c86d3c435f9be1fc88f03c4e9c34997944

Affected versions

v3.*

v3.5.0

v3.5.1

v3.5.10

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.6

v3.5.7

v3.5.8

v3.5.9

v3.6.0

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3

v3.6.1

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

v3.6.7

v3.6.8

v3.7.0

v3.7.0-beta

v3.7.0-rc1

v3.7.0-rc2

v3.7.1

v3.7.2

v3.7.3

v3.7.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-1754.json"