CVE-2021-36400
Moodle has Incorrect Default Permissions in packagist/moodle/moodle
Identifiers
CVE-2021-36400, GHSA-35wf-3wq2-r3hx
Package Slug
packagist/moodle/moodle
Vulnerability
Moodle has Incorrect Default Permissions
Description
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
Affected Versions
All versions before 3.9.8, all versions starting from 3.10.0 before 3.10.5, all versions starting from 3.11.0-beta before 3.11.1
Solution
Upgrade to versions 3.9.8, 3.10.5, 3.11.1 or above.
Last Modified
2023-03-08
| source |