Lucene search
FedoraVULNRICHMENT:CVE-2024-33996HistoryMay 31, 2024 - 7:29 p.m.
CVE-2024-33996 moodle: broken access control when setting calendar event type
2024-05-3119:29:07
CWE-20
fedora
github.com
3
cve-2024-33996
moodle
access control
calendar
validation
web service
events
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*"
],
"vendor": "moodle",
"product": "moodle",
"versions": [
{
"status": "affected",
"version": "4.0.0",
"versionType": "custom",
"lessThanOrEqual": "4.3.3"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*"
],
"vendor": "moodle",
"product": "moodle",
"versions": [
{
"status": "affected",
"version": "4.1.0",
"versionType": "custom",
"lessThanOrEqual": "4.1.9"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*"
],
"vendor": "moodle",
"product": "moodle",
"versions": [
{
"status": "affected",
"version": "4.2.0",
"versionType": "custom",
"lessThanOrEqual": "4.2.6"
}
],
"defaultStatus": "unknown"
}
]Related
osv
osv
Moodle broken access control when setting calendar event type
2024-05-31 21:30:52
CVE-2024-33996
2024-05-31 20:15:00
cve
cve
CVE-2024-33996
2024-05-31 20:15:09
cvelist
cvelist
github
github
Moodle broken access control when setting calendar event type
2024-05-31 21:30:52
nvd
nvd
CVE-2024-33996
2024-05-31 20:15:09
ubuntucve
ubuntucve
CVE-2024-33996
2024-05-31 00:00:00
openvas
openvas
Moodle < 4.1.10, 4.2.x < 4.2.7, 4.3.x < 4.3.4 Multiple Vulnerabilities
2024-05-14 00:00:00
redos
redos
ROS-20240701-03
2024-07-01 00:00:00
AI Score
6.7
Confidence
Low
EPSS
0
Percentile
9.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-33996