CVE-2021-43560

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

Published: Nov 22, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-43560
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-668

Affected Software
References

Software	From	Fixed in
moodle / moodle	3.11.0	3.11.4
moodle / moodle	3.9.0	3.9.11
moodle / moodle	3.10.0	3.10.8
moodle / moodle	-	3.8.8.x
fedoraproject / fedora	35	35.x
fedoraproject / extra_packages_for_enterprise_linux	7.0	7.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=2021519
https://moodle.org/mod/forum/discuss.php?d=429100

Vulnerability Database

289,599

CVE-2021-43560