H5P · H5P · CVE-2022-40316
**Name of the Vulnerable Software and Affected Versions**
Moodle (affected versions not specified)
**Description**
The issue is related to the H5P plugin in the Moodle virtual learning environment, where the H5P activity attempts report does not filter by groups. This can reveal information to non-editing teachers about attempts or users in groups they should not have access to, potentially allowing a remote attacker to gain unauthorized access to protected information.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.