Moodle is vulnerable to access restriction bypass. The calendar:manageentries
capability are not restricted from accessing user level events, allowing user with manager role to edit user events.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | v3.10.8 | |
moodle/moodle | le | v3.11.5 | |
moodle/moodle | le | v3.9.11 | |
moodle/moodle | le | v3.10.8 | |
moodle/moodle | le | v3.11.5 | |
moodle/moodle | le | v3.9.11 |