Description
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
Remediation
References
Related Vulnerabilities
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690)
Ruby Other Vulnerability (CVE-2014-8080)
Oracle HTTP Server CVE-2016-0671 Vulnerability (CVE-2016-0671)
Oracle Application Server Other Vulnerability (CVE-2006-3708)
MediaWiki Use of Insufficiently Random Values Vulnerability (CVE-2023-22912)