CVE-2024-25980 MEDIUM

CVE-2024-25980: MSA-24-0003: H5P attempts report did not respect activity group settings

Weakness CWE-284
Published February 19, 2024
Last update August 1, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.

Key dates

02 Disclosure timeline

February 19, 2024 CVE published
August 1, 2024 Record updated