CVE-2014-0122

Name of the Vulnerable Software and Affected Versions Moodle versions 2.3.11 and earlier, 2.4.x through 2.4.8, 2.5.x through 2.5.4, 2.6.x through 2.6.1

Description The issue allows remote authenticated users to bypass intended access restrictions by remaining in a chat session after an administrator removes a capability during the session. This occurs because the mod/chat/chat ajax.php file does not properly check for the mod/chat:chat capability during chat sessions.

Recommendations For versions 2.3.11 and earlier, update to a version later than 2.3.11 to resolve the issue. For versions 2.4.x through 2.4.8, update to version 2.4.9 or later. For versions 2.5.x through 2.5.4, update to version 2.5.5 or later. For versions 2.6.x through 2.6.1, update to version 2.6.2 or later.