Lucene search
Ubuntu.comUB:CVE-2014-7832HistoryNov 24, 2014 - 12:00 a.m.
CVE-2014-7832
2014-11-2400:00:00
ubuntu.com
ubuntu.com
12
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
0.001
Percentile
50.4%
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before
2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control
at the course level rather than at the activity level, which allows remote
authenticated users to bypass the mod/lti:view capability requirement by
viewing an activity instance.
Related
veracode
veracode
Capability Bypass
2017-07-29 16:34:21
prion
prion
Design/Logic Flaw
2014-11-24 11:59:00
cve
cve
CVE-2014-7832
2014-11-24 11:59:02
cvelist
cvelist
CVE-2014-7832
2014-11-24 11:00:00
osv
osv
Moodle allows attackers to bypass the mod/lti:view capability requirement
2022-05-13 01:12:41
github
github
Moodle allows attackers to bypass the mod/lti:view capability requirement
2022-05-13 01:12:41
nvd
nvd
CVE-2014-7832
2014-11-24 11:59:02
nessus
nessus
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0483)
2022-01-28 00:00:00
mageia
mageia
Updated moodle package fixes security vulnerabilities
2014-11-22 13:54:50
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
0.001
Percentile
50.4%
Related for UB:CVE-2014-7832