Description
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)
Remediation
References
Related Vulnerabilities
Magento CVE-2019-8091 Vulnerability (CVE-2019-8091)
WordPress Plugin StatPress Multiple Unspecified Vulnerabilities (1.4.1)
Envoy Proxy Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-32780)
Envoy Proxy Improper Input Validation Vulnerability (CVE-2019-9900)
TYPO3 Improper Input Validation Vulnerability (CVE-2010-3716)