Description

mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.

Remediation

References

CVE-2014-0122

Related Vulnerabilities

WordPress Plugin Booking.com Product Helper Cross-Site Scripting (1.0.1)

XOOPS Other Vulnerability (CVE-2005-3680)

WordPress 4.8.x Denial of Service Vulnerability (4.8 - 4.8.5)

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Open Redirect (4.0)

WordPress Plugin wp-microblogs Cross-Site Scripting (0.4.0)

Severity

Medium

Classification

CVE-2014-0122 CWE-264

Tags

Missing Update Known Vulnerabilities