CVE Vulnerabilities

CVE-2014-3553

Published: Jul 29, 2014 | Modified: Dec 01, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.9 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.

Affected Software

Name Vendor Start Version End Version
Moodle Moodle 2.5.1 2.5.1
Moodle Moodle 2.5.3 2.5.3
Moodle Moodle 2.5.5 2.5.5
Moodle Moodle 2.5.2 2.5.2
Moodle Moodle 2.5.6 2.5.6
Moodle Moodle 2.5.4 2.5.4
Moodle Moodle 2.5.0 2.5.0

References