CVE-2014-3617 - OpenCVE

The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle:2.0.0:::::::*
	cpe:2.3:a:moodle:moodle:2.0.1:::::::*
	cpe:2.3:a:moodle:moodle:2.0.2:::::::*
	cpe:2.3:a:moodle:moodle:2.0.3:::::::*
	cpe:2.3:a:moodle:moodle:2.0.4:::::::*
	cpe:2.3:a:moodle:moodle:2.0.5:::::::*
	cpe:2.3:a:moodle:moodle:2.0.6:::::::*
	cpe:2.3:a:moodle:moodle:2.0.7:::::::*
	cpe:2.3:a:moodle:moodle:2.0.8:::::::*
	cpe:2.3:a:moodle:moodle:2.0.9:::::::*
	cpe:2.3:a:moodle:moodle:2.1.0:::::::*
	cpe:2.3:a:moodle:moodle:2.1.1:::::::*
	cpe:2.3:a:moodle:moodle:2.1.2:::::::*
	cpe:2.3:a:moodle:moodle:2.1.3:::::::*
	cpe:2.3:a:moodle:moodle:2.1.4:::::::*
	cpe:2.3:a:moodle:moodle:2.1.5:::::::*
	cpe:2.3:a:moodle:moodle:2.1.6:::::::*
	cpe:2.3:a:moodle:moodle:2.1.7:::::::*
	cpe:2.3:a:moodle:moodle:2.1.8:::::::*
	cpe:2.3:a:moodle:moodle:2.1.9:::::::*
	cpe:2.3:a:moodle:moodle:2.1.10:::::::*
	cpe:2.3:a:moodle:moodle:2.2.0:::::::*
	cpe:2.3:a:moodle:moodle:2.2.1:::::::*
	cpe:2.3:a:moodle:moodle:2.2.2:::::::*
	cpe:2.3:a:moodle:moodle:2.2.3:::::::*
	cpe:2.3:a:moodle:moodle:2.2.4:::::::*
	cpe:2.3:a:moodle:moodle:2.2.5:::::::*
	cpe:2.3:a:moodle:moodle:2.2.6:::::::*
	cpe:2.3:a:moodle:moodle:2.2.7:::::::*
	cpe:2.3:a:moodle:moodle:2.2.8:::::::*
	cpe:2.3:a:moodle:moodle:2.2.9:::::::*
	cpe:2.3:a:moodle:moodle:2.2.10:::::::*
	cpe:2.3:a:moodle:moodle:2.2.11:::::::*
	cpe:2.3:a:moodle:moodle:2.3.0:::::::*
	cpe:2.3:a:moodle:moodle:2.3.1:::::::*
	cpe:2.3:a:moodle:moodle:2.3.2:::::::*
	cpe:2.3:a:moodle:moodle:2.3.3:::::::*
	cpe:2.3:a:moodle:moodle:2.3.4:::::::*
	cpe:2.3:a:moodle:moodle:2.3.5:::::::*
	cpe:2.3:a:moodle:moodle:2.3.6:::::::*
	cpe:2.3:a:moodle:moodle:2.3.7:::::::*
	cpe:2.3:a:moodle:moodle:2.3.8:::::::*
	cpe:2.3:a:moodle:moodle:2.3.9:::::::*
	cpe:2.3:a:moodle:moodle:2.3.10:::::::*
	cpe:2.3:a:moodle:moodle:2.3.11:::::::*
	cpe:2.3:a:moodle:moodle:2.4.0:::::::*
	cpe:2.3:a:moodle:moodle:2.4.1:::::::*
	cpe:2.3:a:moodle:moodle:2.4.2:::::::*
	cpe:2.3:a:moodle:moodle:2.4.3:::::::*
	cpe:2.3:a:moodle:moodle:2.4.4:::::::*
	cpe:2.3:a:moodle:moodle:2.4.5:::::::*
	cpe:2.3:a:moodle:moodle:2.4.6:::::::*
	cpe:2.3:a:moodle:moodle:2.4.7:::::::*
	cpe:2.3:a:moodle:moodle:2.4.8:::::::*
	cpe:2.3:a:moodle:moodle:2.4.9:::::::*
	cpe:2.3:a:moodle:moodle:2.4.10:::::::*
	cpe:2.3:a:moodle:moodle:2.5.0:::::::*
	cpe:2.3:a:moodle:moodle:2.5.1:::::::*
	cpe:2.3:a:moodle:moodle:2.5.2:::::::*
	cpe:2.3:a:moodle:moodle:2.5.3:::::::*
	cpe:2.3:a:moodle:moodle:2.5.4:::::::*
	cpe:2.3:a:moodle:moodle:2.5.5:::::::*
	cpe:2.3:a:moodle:moodle:2.5.6:::::::*
cpe:2.3:a:moodle:moodle:2.5.7:::::::*
cpe:2.3:a:moodle:moodle:2.6.0:::::::*
cpe:2.3:a:moodle:moodle:2.6.1:::::::*
cpe:2.3:a:moodle:moodle:2.6.2:::::::*
cpe:2.3:a:moodle:moodle:2.6.3:::::::*
cpe:2.3:a:moodle:moodle:2.6.4:::::::*
cpe:2.3:a:moodle:moodle:2.7.0:::::::*
cpe:2.3:a:moodle:moodle:2.7.1:::::::*

No data.

References

Link	Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619
http://openwall.com/lists/oss-security/2014/09/15/1
https://moodle.org/mod/forum/discuss.php?d=269591

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-09-15T14:00:00

Updated: 2024-08-06T10:50:17.677Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3617

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-09-15T14:55:11.540

Modified: 2020-12-01T14:54:45.183

Link: CVE-2014-3617

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object