Insufficient Capability Checks in Moodle Allow Unauthorized Access to Calendar Action Events

Insufficient Capability Checks in Moodle Allow Unauthorized Access to Calendar Action Events

CVE-2021-43560 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

Learn more about our User Device Pen Test.