CVE-2014-3617

Moodle allows discovery of an author's username in packagist/moodle/moodle

Identifiers

GHSA-p5j7-26wj-423j, CVE-2014-3617

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle allows discovery of an author's username

Description

The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum.

Affected Versions

All versions before 2.5.8, all versions starting from 2.6.0 before 2.6.5, all versions starting from 2.7.0 before 2.7.2

Solution

Upgrade to versions 2.5.8, 2.6.5, 2.7.2 or above.

Last Modified

2024-02-02
