MSA-20-0002: Grade history report does not respect Separate groups mode in the course settings

by Michael Hawkins.  

Users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.


Severity/Risk:Minor
Versions affected:3.8 to 3.8.1, 3.7 to 3.7.4, 3.6 to 3.6.8, 3.5 to 3.5.10 and earlier unsupported versions
Versions fixed:3.8.2, 3.7.5, 3.6.9 and 3.5.11
Reported by:Tim Hunt
CVE identifier:CVE-2020-1754
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56287
Tracker issue:MDL-56287 Grade history report does not respect Separate groups mode in the course settings

Read more https://moodle.org/mod/forum/discuss.php?d=398350&parent=1606854