PT-2014-3431 · Moodle · Moodle
Itamar Tzadok
·
Published
2014-01-20
·
Updated
2020-12-01
·
CVE-2014-0009
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 2.2.11 and earlier, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, 2.6.x before 2.6.1
Description
The issue allows remote authenticated users to perform certain actions via a direct request, due to the lack of enforcement of the
moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration.Recommendations
For versions 2.2.11 and earlier, update to version 2.2.12 or later.
For versions 2.3.x before 2.3.11, update to version 2.3.11 or later.
For versions 2.4.x before 2.4.8, update to version 2.4.8 or later.
For versions 2.5.x before 2.5.4, update to version 2.5.4 or later.
For versions 2.6.x before 2.6.1, update to version 2.6.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle