CVE-2020-1692
Description
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
CWE
- CWE-352 — CWE-352
Affected
- The Moodle Project / moodle — v=before 3.7.2 [affected]
CVSS
- 3.1 score=8.1 severity=HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692 x_refsource_CONFIRM
Source
cvelistV5-main/cves/2020/1xxx/CVE-2020-1692.json