MSA-20-0018: Some database module web services did not respect group settings

by Michael Hawkins.  

Some database module web services allowed students to add entries within groups they did not belong to.


Severity/Risk:Minor
Versions affected:3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions
Versions fixed:3.10, 3.9.3, 3.8.6, 3.7.9 and 3.5.15
Reported by:Dani Palou
CVE identifier:CVE-2020-25700
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67015
Tracker issue:MDL-67015 Some database module web services did not respect group settings

Read more https://moodle.org/mod/forum/discuss.php?d=413938&parent=1668773