Lucene search
Ubuntu.comUB:CVE-2024-33996HistoryMay 31, 2024 - 12:00 a.m.
CVE-2024-33996
2024-05-3100:00:00
ubuntu.com
ubuntu.com
5
cve-2024-33996
validation
calendar service
unauthorized event creation
unix
CVSS3
6.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
9.0%
Incorrect validation of allowed event types in a calendar web service made
it possible for some users to create events with types/audiences they did
not have permission to publish to.
Related
osv
osv
Moodle broken access control when setting calendar event type
2024-05-31 21:30:52
CVE-2024-33996
2024-05-31 20:15:00
vulnrichment
vulnrichment
cve
cve
CVE-2024-33996
2024-05-31 20:15:09
cvelist
cvelist
github
github
Moodle broken access control when setting calendar event type
2024-05-31 21:30:52
nvd
nvd
CVE-2024-33996
2024-05-31 20:15:09
openvas
openvas
Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities
2024-05-14 00:00:00
redos
redos
ROS-20240701-03
2024-07-01 00:00:00
CVSS3
6.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
AI Score
6.5
Confidence
Low
EPSS
0
Percentile
9.0%
Related for UB:CVE-2024-33996