Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2019-3848

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)

  • Published: Mar 26, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-3848
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
moodle / moodle 3.5.0 3.5.5
moodle / moodle 3.6.0 3.6.3
moodle / moodle - 3.4.8