CVE-2021-43560

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-43560
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43560.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-43560
Aliases
Related
Published
2021-11-22T16:15:08Z
Modified
2025-02-19T03:23:56.472324Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
500c131eb49771e36f68d151dfa37fef5a9bc2df
Fixed
b02dd253b8e111cfa2c22883bb1d831c6f1f5f63

Affected versions

v3.*

v3.9.0
v3.9.1
v3.9.10
v3.9.2
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9