We found results for “”
CVE-2024-25980
Good to know:
Date: February 19, 2024
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
Language: PHP
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |