5 matches found

OSV
added 2022/05/13 1:12 a.m., 19 views

GHSA-F9M9-494R-W36P Moodle allows bypass of intended access restrictions

mod/chat/chatajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstanc...

4.9 CVSS, 5.8 AI score, 0.00171 EPSS
Exploits: 0, References: 9
Github Security Blog
added 2022/05/13 1:12 a.m., 17 views

Moodle allows bypass of intended access restrictions

mod/chat/chatajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstanc...

4.9 CVSS, 6.4 AI score, 0.00171 EPSS
Exploits: 0, References: 9, Affected Software: 1
Veracode
added 2017/07/14 8:35 a.m., 20 views

Authorization Bypass

Moodle is vulnerable to authorization bypasses. The library does not properly check for the mod/chat:chat capability in the mod/chat/chatajax.php file, allowing a malicious user to remain in a chat after an administrator removes that capability from their account...

4.9 CVSS, 5.9 AI score, 0.00171 EPSS
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2014/03/24 2:20 p.m., 18 views

Session fixation

mod/chat/chatajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstanc...

4.9 CVSS, 6.6 AI score, 0.00171 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2014/03/22 1:0 a.m., 52 views

CVE-2014-0122

CVE-2014-0122 affects Moodle: the chat module in versions up to Moodle 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 fails to properly enforce the mod/chat:chat capability during chat sessions. This allows remote authenticated users to bypass intended access restrictions ...

4.9 CVSS, 6.1 AI score, 0.00171 EPSS
Exploits: 0, References: 3, Affected Software: 1