VulnerableCode Vulnerability Details - VCID-xhjb-1dg9-sugz

Search for vulnerabilities

Vulnerability details: VCID-xhjb-1dg9-sugz

Essentials
Severities (12)
References (11)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xhjb-1dg9-sugz
Aliases	CVE-2014-3553 GHSA-mg69-5q59-8jcg
Summary	Moodle does not enforce the moodle/site:accessallgroups capability requirement mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/07/21/1
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2014-3553
epss	0.00171	https://api.first.org/data/v1/epss?cve=CVE-2014-3553
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-mg69-5q59-8jcg
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/5c74e0daca748ffbbbf17a410abd8c85335b2116
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/91c8d4da71a6706c70071f9182e8ae6110c86d70
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/e3fd900dcda7b603d7e0749008abd0d01290bbc3
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/f2946a5419a94f19cb3490a249fe0bb50161f254
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=264268
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-3553

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
		http://openwall.com/lists/oss-security/2014/07/21/1
		https://api.first.org/data/v1/epss?cve=CVE-2014-3553
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/5c74e0daca748ffbbbf17a410abd8c85335b2116
		https://github.com/moodle/moodle/commit/91c8d4da71a6706c70071f9182e8ae6110c86d70
		https://github.com/moodle/moodle/commit/e3fd900dcda7b603d7e0749008abd0d01290bbc3
		https://github.com/moodle/moodle/commit/f2946a5419a94f19cb3490a249fe0bb50161f254
		https://moodle.org/mod/forum/discuss.php?d=264268
		https://nvd.nist.gov/vuln/detail/CVE-2014-3553
GHSA-mg69-5q59-8jcg		https://github.com/advisories/GHSA-mg69-5q59-8jcg

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.39159
EPSS Score	0.00171
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:28:24.623057+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mg69-5q59-8jcg/GHSA-mg69-5q59-8jcg.json	36.1.3