Description
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-2053 | The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student. |
Github GHSA |
GHSA-2vhr-4mhq-m35c | Moodle does not properly restrict access |
References
History
No history.
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T09:05:38.731Z
Reserved: 2013-12-03T00:00:00.000Z
Link: CVE-2014-0123
No data.
Status : Modified
Published: 2014-03-24T14:20:39.370
Modified: 2026-06-17T00:02:20.350
Link: CVE-2014-0123
No data.
OpenCVE Enrichment
No data.
Weaknesses
EUVD
Github GHSA