More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2347366 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
https://moodle.org/mod/forum/discuss.php?d=466142#p1871272 Separate Groups mode restrictions were not factored into permission checks before allowing viewing or deletion of responses in Feedback activities. Severity/Risk: Minor Versions affected: 4.5 to 4.5.1, 4.4 to 4.4.5, 4.3 to 4.3.9, 4.1 to 4.1.15 and earlier unsupported versions Versions fixed: 4.5.2, 4.4.6, 4.3.10 and 4.1.16 Reported by: Leon Stringer CVE identifier: CVE-2025-26526 Changes (main): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79976 Tracker issue: MDL-79976 Feedback response viewing and deletions did not respect Separate Groups mode Current versions: moodle-4.5.2-1.fc42, moodle-4.4.6-1.fc41 and moodle-4.3.10-1.fc40