CVE-2021-43560

State: PUBLISHED · Published: 2021-11-22 · Updated: 2024-08-04 · Assigner: fedora

Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

CWE

CWE-863 — CWE-863

Affected

n/a / moodle — v=moodle 3.11.4, moodle 3.10.8 and moodle 3.9.11 [affected]

CVSS

(none)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2021519 x_refsource_MISC
https://moodle.org/mod/forum/discuss.php?d=429100 x_refsource_MISC

Source

cvelistV5-main/cves/2021/43xxx/CVE-2021-43560.json