PT-2019-16742 · Moodle · Moodle

Juan Leyva · Published 2019-03-26 · Updated 2022-11-07 · CVE-2019-3848

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Moodle versions prior to 3.6.3
Moodle versions prior to 3.5.5
Moodle versions prior to 3.4.8

Description

A vulnerability was found where permissions were not correctly checked before loading event information into the calendar's edit event modal popup. This allowed logged-in non-guest users to view unauthorized calendar events, although it was read-only access and users could not edit the events.

Recommendations

For versions prior to 3.6.3, update to version 3.6.3 or later.
For versions prior to 3.5.5, update to version 3.5.5 or later.
For versions prior to 3.4.8, update to version 3.4.8 or later.

Fix

Incorrect Authorization


Weakness Enumeration

Related Identifiers

CVE-2019-3848
GHSA-45RW-4R25-JVG7

Affected Products

Moodle