Description

mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.

Remediation

References

CVE-2014-0122

Related Vulnerabilities

Jboss EAP Inadequate Encryption Strength Vulnerability (CVE-2014-0224)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-20187)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Directory Traversal (5.1.4)

Magento Incorrect Authorization Vulnerability (CVE-2022-34256)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-11328)

Severity

Medium

Classification

CVE-2014-0122 CWE-264

Tags

Missing Update Known Vulnerabilities