CVE-2014-0009

NONECVSS 0.0

0.0

course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request.

🔗 References (12)

secalert@redhathttp://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
secalert@redhathttp://openwall.com/lists/oss-security/2014/01/20/1
secalert@redhathttp://www.securitytracker.com/id/1029648
secalert@redhathttps://moodle.org/mod/forum/discuss.php?d=252415
af854a3a-2127-422b-91ae-364da2661108http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2014/01/20/1
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029648
af854a3a-2127-422b-91ae-364da2661108https://moodle.org/mod/forum/discuss.php?d=252415

Is Your Infrastructure Affected by CVE-2014-0009?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2014-0009

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2014-0009?