Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2022-0333

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.

CVSS v3:

  • Severity: Low
  • Score: 3.8
  • AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

Software From Fixed in
moodle / moodle 3.11.0 3.11.5
moodle / moodle 3.9.0 3.9.12
moodle / moodle 3.10.0 3.10.9
moodle / moodle - 3.8.9.x
moodle / moodle 3.11 3.11.5
moodle / moodle 3.10 3.10.8
moodle / moodle - 3.9.11