← back
CVE-2014-7832

CVE-2014-7832

EPSS 1.7%
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921http://openwall.com/lists/oss-security/2014/11/17/11https://moodle.org/mod/forum/discuss.php?d=275154http://www.securitytracker.com/id/1031215