CVE-2020-1754
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.20%
Description
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
How to fix CVE-2020-1754
To remediate CVE-2020-1754, upgrade the affected package to a fixed version below.
- Bitnami/moodle: upgrade to 3.5.11 or later on the 3.5 branch; on the 3.6, 3.7 and 3.8 branches the fixed versions are 3.6.9, 3.7.5 and 3.8.2
Is CVE-2020-1754 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 3.5.0, < 3.5.11; >= 3.6.0, < 3.6.9; >= 3.7.0, < 3.7.5; >= 3.8.0, < 3.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |