Lucene search

[email protected]NVD:CVE-2021-43560

HistoryNov 22, 2021 - 4:15 p.m.

CVE-2021-43560

2021-11-2216:15:08

CWE-863

CWE-668

[email protected]

web.nvd.nist.gov

moodle

calendar

capability checks

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

39.2%

JSON

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users’ calendar action events.

Affected configurations

Nvd

Node

moodlemoodleRange≤3.8.8

moodlemoodleRange3.9.0–3.9.11

moodlemoodleRange3.10.0–3.10.8

moodlemoodleRange3.11.0–3.11.4

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch7.0

fedoraprojectfedoraMatch35

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
fedoraprojectextra_packages_for_enterprise_linux7.0cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::
fedoraproject	extra_packages_for_enterprise_linux	7.0	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*