Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-1692
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692
(In reply to filip ambroz from comment #0)
> Moodle before version 3.7.2 is vulnerable to information exposure of service
> tokens for users enrolled in the same course.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2020-1692
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692

This was two versions ago for all the moodle branches. There's nothing for the maintainer to do.
Thank you for the reply. Just to make sure: versions 3.6.8 and 3.5.10 (in tree) are not affected? If so, I can close the bug as invalid.