mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-11-24T11:00:00
Updated: 2024-08-06T13:03:27.260Z
Reserved: 2014-10-03T00:00:00
Link: CVE-2014-7832
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-11-24T11:59:02.600
Modified: 2020-12-01T14:54:45.183
Link: CVE-2014-7832
Redhat
No data.