Description
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
Remediation
References
Related Vulnerabilities
OpenSSL Other Vulnerability (CVE-2002-1568)
PHP Other Vulnerability (CVE-2002-0121)
Apache HTTP Server Improper Authentication Vulnerability (CVE-2017-3167)
WordPress Plugin Copy or Move Comments Multiple Vulnerabilities (1.0.0)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1806)