Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances.
| Severity/Risk: | Serious |
| Versions affected: | 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 |
| Versions fixed: | 3.11, 3.10.4, 3.9.7 and 3.8.9 |
| Reported by: | Daniel Konrad |
| Workaround: | Remove the Export Forum (mod/forum:exportforum) capability from non-admin roles/users until the patch has been applied. |
| CVE identifier: | CVE-2021-32472 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71359 |
| Tracker issue: | MDL-71359 Forum CSV export could result in posts from all courses being exported |
Read more https://moodle.org/mod/forum/discuss.php?d=422305&parent=1701629