Lucene search
GoogleOSV:CVE-2024-33996HistoryMay 31, 2024 - 8:15 p.m.
CVE-2024-33996
2024-05-3120:15:00
Google
osv.dev
1
validation
calendar
web service
permission
software
CVSS3
6.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
AI Score
7
Confidence
High
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
Related
osv
osv
Moodle broken access control when setting calendar event type
2024-05-31 21:30:52
vulnrichment
vulnrichment
cve
cve
CVE-2024-33996
2024-05-31 20:15:09
cvelist
cvelist
github
github
Moodle broken access control when setting calendar event type
2024-05-31 21:30:52
nvd
nvd
CVE-2024-33996
2024-05-31 20:15:09
ubuntucve
ubuntucve
CVE-2024-33996
2024-05-31 00:00:00
openvas
openvas
Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities
2024-05-14 00:00:00
redos
redos
ROS-20240701-03
2024-07-01 00:00:00
CVSS3
6.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
AI Score
7
Confidence
High
Related for OSV:CVE-2024-33996