{ "action": { "auto_issue_creation_allowed": false, "auto_patch_allowed": false, "auto_remediation_allowed": false, "external_execution_allowed": false, "human_review": { "required_for_external_action": true, "required_for_public_launch": false, "required_for_read_only_view": false, "required_for_signal_radar_integration": true }, "human_review_required": false, "recommended_action": "review_official_sources" }, "affected": { "products": [ { "canonicalProduct": "moodle", "canonicalVendor": "moodle", "cpe": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "moodle", "purl": null, "vendor": "moodle", "version": null }, { "canonicalProduct": "moodle", "canonicalVendor": "moodle", "cpe": "cpe:2.3:a:moodle:moodle:3.8.0:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "moodle", "purl": null, "vendor": "moodle", "version": "3.8.0" }, { "canonicalProduct": "moodle", "canonicalVendor": "moodle", "cpe": "cpe:2.3:a:moodle:moodle:3.8.1:*:*:*:*:*:*:*", "ecosystem": null, "packageName": null, "product": "moodle", "purl": null, "vendor": "moodle", "version": "3.8.1" } ], "source": "NVD CVE API 2.0", "status": "known" }, "canonical_url": "https://vuln.signal-radar.com/vuln/public-candidate/CVE-2020-1754/", "claims": [ { "id": "claim:defensive-priority-candidate", "source_ids": [], "status": "observed", "text": "This item is a defensive prioritization candidate.", "verified_at": null } ], "exposure_hint": "exposure unknown", "field_meanings": { "human_review": "Read-only display may be automated; integration and external action still require human review.", "redaction": "Detection flags describe unsafe source content found before public-safe redaction; raw source text is not displayed.", "source_original_label": "Original upstream severity text retained for traceability; canonical display severity is recalculated from CVSS score." }, "forecast_hooks": { "agent_use": "summarize_with_citations_only", "automation_allowed": false, "read_only": true, "watch_fields": [ "sources", "claims", "freshness", "severity", "affected" ] }, "freshness": { "generated_at": "2026-06-29T22:34:48.336130+00:00", "last_checked_at": null, "observed_at": "2026-06-29T22:33:42.341956+00:00", "status": "observed" }, "human_consequence": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.", "human_impact_label": "defensive exposure review", "human_review": { "required_for_external_action": true, "required_for_public_launch": false, "required_for_read_only_view": false, "required_for_signal_radar_integration": true }, "human_risk_summary": "CVE-2020-1754 for moodle / moodle: This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.", "id": "CVE-2020-1754", "impact_redaction": { "exploit_steps_removed": false, "payload_removed": false, "poc_removed": false, "source_derived_summary": true, "used_fallback_summary": false }, "impact_tags": [], "public_human_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.", "public_human_summary": "NVD: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. OSV: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.", "public_human_what_to_verify": "Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.", "public_human_why_it_matters": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.; CVSS 4.3 (MEDIUM); EPSS percentile 41; not listed in KEV; Remediation reference present; patch status requires confirmation in the linked advisory; sources: NVD, OSV, Vendor Advisory.", "public_safe_summary": "NVD: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. OSV: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.", "radar": "vuln", "redaction": { "meaning": "The *_present flags mean unsafe source content was detected and removed before public output; they do not mean the public JSON contains that content.", "payload_present": false, "poc_present": false, "public_summary_redacted": true, "raw_source_displayed": false, "unsafe_procedural_detail_present": false }, "redaction_notes": [ "source-published defensive context retained", "vulnerability class, impact, affected context, and remediation references remain displayable" ], "safety": { "attack_chain_included": false, "auto_remediation_allowed": false, "exploit_instructions_included": false, "external_execution_allowed": false, "human_review": { "required_for_external_action": true, "required_for_public_launch": false, "required_for_read_only_view": false, "required_for_signal_radar_integration": true }, "human_review_required": false, "noindex_removal_allowed": true, "noindex_required": false, "private_gate_state": "released", "public_gate_state": "public_indexable_read_only", "public_launch_allowed": true, "read_only_static_data": true, "scan_functionality_included": false, "signal_radar_integration_allowed": false }, "schema_version": "v0.1", "severity": { "cvss_label": "MEDIUM", "label": "MEDIUM", "score": 4.3, "source": "NVD CVE API 2.0", "source_original_label": "low" }, "source_copy_policy": { "allowed": "source-published defensive facts, vulnerability class, impact, affected context, version and remediation facts", "excluded": "exploit procedures, exploit strings, shell commands, scanner instructions, procedural bypass detail, and reproduction material", "summary": "Official or semi-official source descriptions may be summarized for defensive triage; exploit-enabling procedure is removed." }, "source_derived_note": "Summary derived from NVD / OSV / Vendor Advisory description; unsafe procedural detail is not shown.", "source_published_affected": "vendor/product: moodle / moodle; affected version context: 3.8.0, 3.8.1", "source_published_description": "NVD: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. OSV: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.", "source_published_evidence_refs": [ { "source": "NVD", "type": "source_description", "url": null }, { "source": "OSV", "type": "source_description", "url": null }, { "source": "Vendor Advisory", "type": "source_description", "url": null }, { "source": "Vendor Advisory", "type": "reference", "url": "https://moodle.org/mod/forum/discuss.php?d=398350" }, { "source": "Vendor Advisory", "type": "reference", "url": "https://moodle.org/mod/forum/discuss.php?d=398350" }, { "source": "Official Reference", "type": "reference", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1754" }, { "source": "Official Reference", "type": "reference", "url": "https://osv.dev/vulnerability/CVE-2020-1754" } ], "source_published_impact": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review.", "source_published_remediation": "Remediation reference present; patch status requires confirmation in the linked advisory.", "source_published_summary": "NVD: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. OSV: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.", "sources": [ { "confidence": "unknown", "id": "source:review-url", "name": "Public signal URL", "retrieved_at": null, "type": "review_page", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1754" } ], "summary_for_agents": "Read-only defensive signal. Use sources, claims, freshness, and safety gates before summarizing. Do not infer missing source, claim, or freshness values.", "summary_for_humans": "NVD: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. OSV: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.", "title": "CVE-2020-1754 defensive priority signal", "urgency_reasons": [ "affected product present", "vendor advisory present", "recent update", "remediation reference present" ], "what_to_verify": "Confirm affected product/version, vendor advisory, patch or mitigation, and exposure.", "why_it_matters": "This medium severity issue needs human triage to confirm exposure, affected versions, and vendor guidance for defensive exposure review; CVSS 4.3 (MEDIUM); EPSS percentile 41; affected product context: moodle / moodle; sources: NVD, OSV, Vendor Advisory." }