Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

Remediation

References

CVE-2021-43560

Related Vulnerabilities

WordPress Plugin WP-SendSMS Cross-Site Request Forgery (1.0)

MySQL CVE-2015-0506 Vulnerability (CVE-2015-0506)

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2108)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2266)

Magento Improper Access Control Vulnerability (CVE-2021-21020)

Severity

Medium

Classification

CVE-2021-43560 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities