Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-43560)

Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

Remediation

References

CVE-2021-43560

Related Vulnerabilities

WordPress Plugin 10WebAnalytics Cross-Site Request Forgery (1.2.8)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-3329)

Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5287)

Oracle JRE CVE-2013-5810 Vulnerability (CVE-2013-5810)

Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-26028)

Severity

Medium

Classification

CVE-2021-43560 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N