-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stemmed from an access control check in get_report() that used $this->coursemodule->effectivegroupmode and user_can_view_profile(). The patch replaced this with groups_user_groups_visible(), which properly considers the activity's group mode context. The original implementation only validated course-level group settings, not activity-specific configurations, creating the access control bypass.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 4.3.0, < 4.3.3 | 4.3.3 |
| moodle/moodle | composer | >= 4.2.0, < 4.2.6 | 4.2.6 |
| moodle/moodle | composer |
| < 4.1.9 |
| 4.1.9 |
KEV Misses 88% of Exploited CVEs- Get the report