It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.
Weakness
The product does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Moodle | Moodle | * | 3.8.7 (excluding) |
| Moodle | Moodle | 3.9.0 (including) | 3.9.4 (excluding) |
| Moodle | Moodle | 3.10.0 (including) | 3.10.1 (excluding) |
| Moodle | Ubuntu | bionic | * |
| Moodle | Ubuntu | esm-apps/bionic | * |
| Moodle | Ubuntu | esm-apps/xenial | * |
| Moodle | Ubuntu | trusty | * |
| Moodle | Ubuntu | upstream | * |
| Moodle | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/145.html
- https://cwe.mitre.org/data/definitions/463.html
- https://cwe.mitre.org/data/definitions/75.html