Vulnerability DatabaseCVE-2014-0122
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-0122
March 22, 2014
mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.
Related ResourcesĀ (9)
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/4d4867503c2467cb04660d9cb314d22f56004054
https://github.com/moodle/moodle/commit/5c45ea0c6bf2fdf4dddfaef9fc5ff12e6b426a3f
https://moodle.org/mod/forum/discuss.php?d=256418
http://openwall.com/lists/oss-security/2014/03/17/1
https://github.com/moodle/moodle/commit/7748e17207b1a28118d9dc622878da22f956d3fe
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082
https://github.com/moodle/moodle/commit/3d7810ab3d67a423a760ba89ae75de81d940b236
https://nvd.nist.gov/vuln/detail/CVE-2014-0122
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
4.9
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
EPSS
Base Score:
0.17