CVE-2021-43560

Exposure of Resource to Wrong Sphere in packagist/moodle/moodle

Identifiers

CVE-2021-43560

Package Slug

packagist/moodle/moodle

Vulnerability

Exposure of Resource to Wrong Sphere

Description

Insufficient capability checks made it possible to fetch other users' calendar action events.

Affected Versions

All versions up to 3.8.8, all versions starting from 3.9.0 before 3.9.11, all versions starting from 3.10.0 before 3.10.8, all versions starting from 3.11.0 before 3.11.4

Solution

Upgrade to versions 3.8.9, 3.9.11, 3.10.8, 3.11.4 or above.

Last Modified

2021-11-30

source