Candidate: CVE-2014-0123
PublicDate: 2014-03-24 14:20:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0123
 https://moodle.org/mod/forum/discuss.php?d=256419
 http://openwall.com/lists/oss-security/2014/03/17/1
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
Description:
 The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x
 before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view
 and (2) edit access, which allows remote authenticated users to perform
 wiki operations by leveraging the student role and using the Recent
 Activity block to reach the individual wiki of an arbitrary student.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (2.5.5)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
quantal_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.5.5)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.5.5)
cosmic_moodle: not-affected (2.5.5)
disco_moodle: not-affected (2.5.5)
devel_moodle: not-affected (2.5.5)