This security fix has been published.
The fix has been merged to:
master: fix: add edit permissions for limited staff only in LMS · openedx/edx-platform@0153086 · GitHub
master
open-release/redwood.master: fix: security issue limited staff have edit access through some APIs … · openedx/edx-platform@50097c2 · GitHub
open-release/redwood.master