Lalalala5678

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions 9.5.0 and earlier **Description** An authorization bypass exists in the Calendar Block. The function `action get events()` fails to verify the `canView` permission on the calendar, which allows the disclosure of restricted event details. **Recommendations** Update to a version later than 9.5.0. As a temporary workaround, restrict access to the Calendar Block or the `action get events()` function until the update is applied.