Information Disclosure Vulnerability in Moodle Gradebook Overview Report

Information Disclosure Vulnerability in Moodle Gradebook Overview Report

CVE-2013-2080 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.

Learn more about our User Device Pen Test.