Candidate: CVE-2014-0009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0009
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
https://moodle.org/mod/forum/discuss.php?d=252415
http://openwall.com/lists/oss-security/2014/01/20/1
course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x
before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce
the moodle/site:accessallgroups capability requirement for outside-group
users in a SEPARATEGROUPS configuration, which allows remote authenticated
users to perform "login as" actions via a direct request.
Discovered-by: Itamar Tzadok
upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
upstream_moodle: released (2.6.1, 2.5.4, 2.4.8, 2.3.11)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: not-affected (2.5.4-1)
utopic_moodle: not-affected (2.5.4-1)
vivid_moodle: not-affected (2.5.4-1)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: not-affected (2.5.4-1)
xenial_moodle: not-affected (2.5.4-1)
yakkety_moodle: not-affected (2.5.4-1)
zesty_moodle: not-affected (2.5.4-1)
devel_moodle: not-affected (2.5.4-1)