CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS
Percentile: 71.4%

The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle
through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check
whether a session ID is empty, which allows remote authenticated users to
hijack sessions via crafted plugin interaction.
git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485
launchpad.net/bugs/cve/CVE-2014-3552
marc.info/?l=oss-security&m=140590892508533&w=2
nvd.nist.gov/vuln/detail/CVE-2014-3552
security-tracker.debian.org/tracker/CVE-2014-3552
www.cve.org/CVERecord?id=CVE-2014-3552