CVE-2021-32473: 
PHP vulnerability analysis and mitigation

CVE-2021-32473 is a security vulnerability discovered in Moodle, an open-source learning management system, that allowed students to view their quiz grades before they were officially released through a quiz web service. The vulnerability affected Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17, and earlier unsupported versions. The issue was reported by Nadav Kavalerchik and was addressed in versions 3.11, 3.10.4, 3.9.7, 3.8.9, and 3.5.18 (Moodle Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability is network accessible, requires low attack complexity, needs no privileges, requires no user interaction, has unchanged scope, and can impact confidentiality with low severity but does not affect integrity or availability (NVD).

The vulnerability allowed unauthorized access to sensitive academic information, specifically enabling students to view their quiz grades before the intended release time. This breach of confidentiality could potentially compromise the integrity of the assessment process and give certain students an unfair advantage (Moodle Advisory).

The recommended mitigation is to upgrade to the fixed versions: 3.11, 3.10.4, 3.9.7, 3.8.9, or 3.5.18, depending on the installed version branch. No alternative workarounds were provided in the security advisory (Moodle Advisory).