CVE-2014-7832

Опубликовано: 24 нояб. 2014

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия до 2.4.11 (включая)

cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00243

Низкий

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2014-7832

ubuntu

больше 10 лет назад

CVE-2014-7832

debian

больше 10 лет назад

mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x b ...

GHSA-mphj-h2fc-62x3

github

около 3 лет назад

Moodle allows attackers to bypass the mod/lti:view capability requirement

EPSS

Процентиль: 48%

0.00243

Низкий

4 Medium

CVSS2

Дефекты

CWE-264