CVE-2022-40316: Exposure of Resource to Wrong Sphere
(updated )
The H5P activity attempts report does not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
References
Detect and mitigate CVE-2022-40316 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →