CVE-2022-0333

2022-01-2519:11:11

CWE-863

fedora

www.cve.org

moodle

calendar

security flaw

user events

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.

CNA Affected

[
  {
    "product": "moodle",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "moodle 3.11.5, moodle 3.10.9 and moodle 3.9.12"
      }
    ]
  }
]