CVE-2023-1402, GHSA-vj5p-fp42-774p
packagist/moodle/moodle
Moodle may display roles to users who don't have access to them
The course participation report required additional checks to prevent roles being displayed which the user does not have access to view.
All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2
Upgrade to versions 4.0.7, 4.1.2, 3.9.20, 3.11.13 or above.
2023-03-24
source |