Candidate: CVE-2014-7832
PublicDate: 2014-11-24 11:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7832
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921
Description:
 mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before
 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control
 at the course level rather than at the activity level, which allows remote
 authenticated users to bypass the mod/lti:view capability requirement by
 viewing an activity instance.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: needed
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.7.5+dfsg-1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.7.5+dfsg-1)
cosmic_moodle: not-affected (2.7.5+dfsg-1)
disco_moodle: not-affected (2.7.5+dfsg-1)
devel_moodle: not-affected (2.7.5+dfsg-1)