CVE-2022-40316: Exposure of Resource to Wrong Sphere

September 30, 2022 (updated August 8, 2023)

The H5P activity attempts report does not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

References

bugzilla.redhat.com/show_bug.cgi?id=2128151
moodle.org/mod/forum/discuss.php?d=438395
nvd.nist.gov/vuln/detail/CVE-2022-40316

Code Behaviors & Features

Detect and mitigate CVE-2022-40316 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →