| Description: | Capabilities to chat were being checked at the start of a chat, but not during, so changes were not effective immediately. |
| Issue summary: | Broken access control vulnerability with /mod/chat/chat_ajax.php |
| Severity/Risk: | Minor |
| Versions affected: | 2.6 to 2.6.1, 2.5 to 2.5.4, 2.4 to 2.4.8 and earlier unsupported versions |
| Versions fixed: | 2.6.2, 2.5.5 and 2.4.9 |
| Reported by: | Jun Zhu |
| Issue nos.: | MDL-44082 |
| CVE identifier: | CVE-2014-0122 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082 |