CVE-2021-43560

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-43560

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43560.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43560

Aliases

Downstream

UBUNTU-CVE-2021-43560

Published

2021-11-22T16:15:08.337Z

Modified

2026-04-10T04:40:15.038577Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

Last affected

6f7e3ca2f7e853a183559cfb6d10fa0eb8fc6877

Introduced

500c131eb49771e36f68d151dfa37fef5a9bc2df

Fixed

b02dd253b8e111cfa2c22883bb1d831c6f1f5f63

Introduced

ec58cefefb2722f61f77c9a2b6a12d40a8c078a0

Fixed

08534dff5030462233cede83148f8f6ba727f3a8

Introduced

94f2d3fc4b974c5c7d500988c56b7ca15f58d7ec

Fixed

e1ad263f906edb699a3f1dedaef90c90d8afe47d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.8.8"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.11"
        },
        {
            "introduced": "3.10.0"
        },
        {
            "fixed": "3.10.8"
        },
        {
            "introduced": "3.11.0"
        },
        {
            "fixed": "3.11.4"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v2.*

v2.0.0

v2.0.0-rc1

v2.0.0-rc2

v2.0.1

v2.1.0

v2.2.0

v2.2.0-beta

v2.2.0-rc1

v2.3.0

v2.3.0-beta

v2.3.0-rc1

v2.4.0

v2.4.0-beta

v2.4.0-rc1

v2.5.0

v2.5.0-beta

v2.5.0-rc1

v2.6.0

v2.6.0-beta

v2.6.0-rc1

v2.7.0

v2.7.0-beta

v2.7.0-rc1

v2.7.0-rc2

v2.8.0

v2.8.0-beta

v2.8.0-rc1

v2.8.0-rc2

v2.9.0

v2.9.0-beta

v2.9.0-rc1

v2.9.0-rc2

v3.*

v3.0.0

v3.0.0-beta

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.1.0

v3.1.0-beta

v3.1.0-rc1

v3.1.0-rc2

v3.10.0

v3.10.1

v3.10.2

v3.10.3

v3.10.4

v3.10.5

v3.10.6

v3.10.7

v3.11.0

v3.11.1

v3.11.2

v3.11.3

v3.2.0

v3.2.0-beta

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.3.0

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.4.0

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.5.0

v3.5.0-beta

v3.5.0-rc1

v3.6.0

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3

v3.7.0

v3.7.0-beta

v3.7.0-rc1

v3.7.0-rc2

v3.8.0

v3.8.0-beta

v3.8.0-rc1

v3.8.1

v3.8.2

v3.8.3

v3.8.4

v3.8.5

v3.8.6

v3.8.7

v3.8.8

v3.9.0

v3.9.1

v3.9.10

v3.9.2

v3.9.3

v3.9.4

v3.9.5

v3.9.6

v3.9.7

v3.9.8

v3.9.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43560.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    }
]