CVE-2014-0216: Moodle does not properly restrict file access
(updated )
The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.
References
- git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
- openwall.com/lists/oss-security/2014/05/19/1
- github.com/advisories/GHSA-8rc7-4qfv-4484
- github.com/moodle/moodle/commit/40ad22fdd0d9ed569b2ad0ff6ad02814bfa014b8
- github.com/moodle/moodle/commit/568514ee7f7e994f61e7a44356fe89d0dd18c157
- github.com/moodle/moodle/commit/7b9acc77efe06f7be7070032b05c3159e0a6d415
- github.com/moodle/moodle/commit/b04bf988ef47f8fa65dd08ce936ecb774d5d76bd
- moodle.org/mod/forum/discuss.php?d=260364
- nvd.nist.gov/vuln/detail/CVE-2014-0216
Code Behaviors & Features
Detect and mitigate CVE-2014-0216 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →