Moderate severityNVD Advisory· Published Nov 24, 2014· Updated Jun 17, 2026
CVE-2014-7832
CVE-2014-7832
Description
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | < 2.5.9 | 2.5.9 |
moodle/moodlePackagist | >= 2.6.0, < 2.6.6 | 2.6.6 |
moodle/moodlePackagist | >= 2.7.0, < 2.7.3 | 2.7.3 |
Affected products
20cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=2.4.11
- cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-mphj-h2fc-62x3ghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2014-7832ghsaADVISORY
- openwall.com/lists/oss-security/2014/11/17/11nvdWEB
- github.com/moodle/moodle/commit/263f78b8b804fe7dbcd6ffadcadad2c94a0093f7ghsaWEB
- github.com/moodle/moodle/commit/8e34d8e85b971a01459797799c0696cfeaae9cc0ghsaWEB
- github.com/moodle/moodle/commit/c844af2569e972195db8bca683c1fdf2ddbc3a59ghsaWEB
- github.com/moodle/moodle/commit/fe8430e0dc2a50ea8e03d709e95d1226631d0d52ghsaWEB
- web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215ghsaWEB
- www.securitytracker.com/id/1031215nvd
News mentions
0No linked articles in our index yet.