CVE-2021-43560

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2021519 Issue Tracking Third Party Advisory
https://moodle.org/mod/forum/discuss.php?d=429100 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-11-22 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-43560

Mitre link : CVE-2021-43560

CVE.ORG link : CVE-2021-43560


JSON object : View

Products Affected

moodle

  • moodle

fedoraproject

  • fedora
  • extra_packages_for_enterprise_linux
CWE
CWE-668

Exposure of Resource to Wrong Sphere

CWE-863

Incorrect Authorization