Description

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)

Remediation

References

CVE-2019-3848

Related Vulnerabilities

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.30)

WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) SQL Injection (6.3)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2507)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4441)

Nginx Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0337)

Severity

Medium

Classification

CVE-2019-3848 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities