CVE-2019-3848
CVE-2019-3848 affects Moodle versions prior to 3.6.3, 3.5.5, and 3.4.8. The issue arises from permissions not being correctly checked before loading calendar event information in the calendar edit modal, allowing logged-in non-guest users to view unauthorised calendar events (read-only; no edits)...