NVD

Id
28966  
Name
CVE-2014-0009  
Description
course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request.  
Reject
 
CVSS Version
2  
CVSS Score
5.5  
Severity
Medium  
CVSS Base Score
5.5  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-01-20  
Modified Date
2014-02-21  
Seq
2014-0009  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
152686 28966 CVE-2014-0009 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643  View
152687 28966 CVE-2014-0009 FEDORA-2014-1377  View
152688 28966 CVE-2014-0009 FEDORA-2014-1396  View
152689 28966 CVE-2014-0009 [oss-security] 20140120 Moodle security notifications public  View
152690 28966 CVE-2014-0009 1029648  View
152691 28966 CVE-2014-0009 https://moodle.org/mod/forum/discuss.php?d=252415  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
12349 JVNDB-2014-001224 Moodle の course/loginas.php における "login as" アクションを実行される脆弱性 Moodle の course/loginas.php は、SEPARATEGROUPS 設定のグループ以外のユーザに対して moodle/site:accessallgroups ケーパビリティ要件を適用しないため、"login as" アクションを実行される脆弱性が存在します。 CVE-2014-0009 67410 CVE-2014-0009 28966 5.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001224.html 2014-01-20 2014-01-23 View