MSA-18-0003: Privilege escalation in quiz web services

by Marina Glancy.  

Quiz web services allow students to see quiz results when it is prohibited in the settings. This web service is used by the mobile app


Severity/Risk:Minor
Versions affected:3.4, 3.3 to 3.3.3, 3.2 to 3.2.6 and 3.1 to 3.1.9
Versions fixed:3.4.1, 3.3.4, 3.2.7 and 3.1.10
Reported by:Chirine Nassar
CVE identifier:CVE-2018-1044
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-60908
Tracker issue:MDL-60908 Students are able to see quiz results in Mobile app although it is prohibited in the settings

Read more https://moodle.org/mod/forum/discuss.php?d=364383&parent=1469492