lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role to access the get_grades web service.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-11-24T11:00:00

Updated: 2024-08-06T13:03:26.932Z

Reserved: 2014-10-03T00:00:00

Link: CVE-2014-7831

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-11-24T11:59:01.520

Modified: 2024-11-21T02:18:05.960

Link: CVE-2014-7831

cve-icon Redhat

No data.