CVE 2023-28330
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
See the
CVE page on Mitre.org
for more details.