Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

Remediation

References

CVE-2021-43560

Related Vulnerabilities

phpMyAdmin Other Vulnerability (CVE-2004-0129)

WordPress Plugin S3 Video Cross-Site Scripting (0.982)

WordPress Plugin Startklar Elementor Addons Arbitrary File Upload (1.7.13)

WordPress Plugin WordPress Books Gallery Security Bypass (3.5)

WordPress Plugin Companion Auto Update Multiple Vulnerabilities (3.2.0)

Severity

Medium

Classification

CVE-2021-43560 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities