A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2021519 | Issue Tracking Third Party Advisory |
https://moodle.org/mod/forum/discuss.php?d=429100 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2021-11-22 16:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-43560
Mitre link : CVE-2021-43560
CVE.ORG link : CVE-2021-43560
JSON object : View
Products Affected
moodle
- moodle
fedoraproject
- fedora
- extra_packages_for_enterprise_linux