What is the severity of CVE-2014-7834?

CVE-2014-7834 is considered a medium severity vulnerability due to improper verification of group permissions that can lead to unauthorized access.

What versions of Moodle are affected by CVE-2014-7834?

CVE-2014-7834 affects Moodle versions 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3.

How do I fix CVE-2014-7834?

To fix CVE-2014-7834, upgrade to Moodle version 2.6.6 or later or 2.7.3 or later.

What causes the vulnerability in CVE-2014-7834?

The vulnerability in CVE-2014-7834 is caused by mod/forum/externallib.php not verifying group permissions when accessing the forum_get_discussions web service.

Can CVE-2014-7834 be exploited remotely?

Yes, CVE-2014-7834 can be exploited remotely by authenticated users to access forums they should not have permission to view.

Vulnerability/
CVE-2014-7834

medium

CWE

264

24/11/2014

13/5/2022

6/8/2024

CVE-2014-7834

First published: Mon Nov 24 2014(Updated: )

mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
composer/moodle/moodle	>=2.7.0<2.7.3	2.7.3
composer/moodle/moodle	>=2.6.0<2.6.6	2.6.6
Moodle	<=2.4.11
Moodle	=2.5.0
Moodle	=2.5.1
Moodle	=2.5.2
Moodle	=2.5.3
Moodle	=2.5.4
Moodle	=2.5.5
Moodle	=2.5.6
Moodle	=2.5.7
Moodle	=2.5.8
Moodle	=2.6.0
Moodle	=2.6.1
Moodle	=2.6.2
Moodle	=2.6.3
Moodle	=2.6.4
Moodle	=2.6.5
Moodle	=2.7.0
Moodle	=2.7.1
Moodle	=2.7.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-7834?
CVE-2014-7834 is considered a medium severity vulnerability due to improper verification of group permissions that can lead to unauthorized access.
What versions of Moodle are affected by CVE-2014-7834?
CVE-2014-7834 affects Moodle versions 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3.
How do I fix CVE-2014-7834?
To fix CVE-2014-7834, upgrade to Moodle version 2.6.6 or later or 2.7.3 or later.
What causes the vulnerability in CVE-2014-7834?
The vulnerability in CVE-2014-7834 is caused by mod/forum/externallib.php not verifying group permissions when accessing the forum_get_discussions web service.
Can CVE-2014-7834 be exploited remotely?
Yes, CVE-2014-7834 can be exploited remotely by authenticated users to access forums they should not have permission to view.

agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-557f-2hv4-7jjm
alias/CVE-2014-7834
agent/software-canonical-lookup
agent/weakness
agent/references
agent/severity
agent/softwarecombine
agent/description
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/composer
vendor/moodle
canonical/moodle
version/moodle/2.4.11
version/moodle/2.5.0
version/moodle/2.5.1
version/moodle/2.5.2
version/moodle/2.5.3
version/moodle/2.5.4
version/moodle/2.5.5
version/moodle/2.5.6
version/moodle/2.5.7
version/moodle/2.5.8
version/moodle/2.6.0
version/moodle/2.6.1
version/moodle/2.6.2
version/moodle/2.6.3
version/moodle/2.6.4
version/moodle/2.6.5
version/moodle/2.7.0
version/moodle/2.7.1
version/moodle/2.7.2