Security Advisory

CVE-2014-0009

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-01-20 11:00:00

Last updated 2024-08-06 08:58:26

Assigner redhat

State PUBLISHED

Description

course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request.

← Browse all CVEs View on cve.org ↗