CVE-2021-43560

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2021519 Issue Tracking Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=429100 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-11-22 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-43560

Mitre link : CVE-2021-43560

CVE.ORG link : CVE-2021-43560


JSON object : View

Products Affected

fedoraproject

  • fedora
  • extra_packages_for_enterprise_linux

moodle

  • moodle
CWE
CWE-668

Exposure of Resource to Wrong Sphere

CWE-863

Incorrect Authorization