Lucene search
GoogleOSV:GHSA-4QWW-RXQ6-X7GFHistoryMay 31, 2024 - 9:30 p.m.
Moodle broken access control when setting calendar event type
2024-05-3121:30:52
Google
osv.dev
6
moodle
broken access control
calendar
validation
event types
web service
permission
software
CVSS3
6.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
Related
vulnrichment
vulnrichment
cve
cve
CVE-2024-33996
2024-05-31 20:15:09
cvelist
cvelist
osv
osv
CVE-2024-33996
2024-05-31 20:15:00
github
github
Moodle broken access control when setting calendar event type
2024-05-31 21:30:52
nvd
nvd
CVE-2024-33996
2024-05-31 20:15:09
ubuntucve
ubuntucve
CVE-2024-33996
2024-05-31 00:00:00
openvas
openvas
Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities
2024-05-14 00:00:00
redos
redos
ROS-20240701-03
2024-07-01 00:00:00
CVSS3
6.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for OSV:GHSA-4QWW-RXQ6-X7GF