CVE-2014-0123: Moodle does not properly restrict access
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student.
References
- git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
- openwall.com/lists/oss-security/2014/03/17/1
- github.com/advisories/GHSA-2vhr-4mhq-m35c
- github.com/moodle/moodle/commit/3a7b9b76c2d3c58237bec56b3b537e05c23970ad
- github.com/moodle/moodle/commit/d9596365e59ac53787105ff326f7f2bab5b9bada
- github.com/moodle/moodle/commit/e6499fb8a4463b1130babb09c42f3d5559276d17
- github.com/moodle/moodle/commit/fa0777902633b54ca5566dd8af304ce5587051e5
- moodle.org/mod/forum/discuss.php?d=256419
- nvd.nist.gov/vuln/detail/CVE-2014-0123