Lucene search
GitHub Advisory DatabaseGHSA-4QWW-RXQ6-X7GFHistoryMay 31, 2024 - 9:30 p.m.
Moodle broken access control when setting calendar event type
2024-05-3121:30:52
CWE-20
GitHub Advisory Database
github.com
12
moodle
access control
calendar
event type
validation
web service
permission
CVSS3
6.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
Affected configurations
Node
moodlemoodleRange<4.1.10
ORmoodlemoodleRange4.2.0–4.2.7
ORmoodlemoodleRange4.3.0–4.3.4
Related
osv
osv
Moodle broken access control when setting calendar event type
2024-05-31 21:30:52
CVE-2024-33996
2024-05-31 20:15:00
vulnrichment
vulnrichment
cve
cve
CVE-2024-33996
2024-05-31 20:15:09
cvelist
cvelist
nvd
nvd
CVE-2024-33996
2024-05-31 20:15:09
ubuntucve
ubuntucve
CVE-2024-33996
2024-05-31 00:00:00
openvas
openvas
Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities
2024-05-14 00:00:00
redos
redos
ROS-20240701-03
2024-07-01 00:00:00
CVSS3
6.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for GHSA-4QWW-RXQ6-X7GF