Description
mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-3739 | mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator. |
Github GHSA |
GHSA-f9m9-494r-w36p | Moodle allows bypass of intended access restrictions |
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T09:05:38.987Z
Reserved: 2013-12-03T00:00:00.000Z
Link: CVE-2014-0122
No data.
Status : Modified
Published: 2014-03-24T14:20:39.370
Modified: 2026-06-17T00:02:20.240
Link: CVE-2014-0122
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD
Github GHSA