Security announcements

MSA-18-0003: Privilege escalation in quiz web services

 
Picture of Marina Glancy
MSA-18-0003: Privilege escalation in quiz web services
 

Quiz web services allow students to see quiz results when it is prohibited in the settings. This web service is used by the mobile app


Severity/Risk: Minor
Versions affected: 3.4, 3.3 to 3.3.3, 3.2 to 3.2.6 and 3.1 to 3.1.9
Versions fixed: 3.4.1, 3.3.4, 3.2.7 and 3.1.10
Reported by: Chirine Nassar
CVE identifier: CVE-2018-1044
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60908
Tracker issue: MDL-60908 Students are able to see quiz results in Mobile app although it is prohibited in the settings