Oct0Pus7

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.11 to 3.11.4 Moodle versions 3.10 to 3.10.8 Moodle versions 3.9 to 3.9.11 Moodle versions earlier than 3.9 **Description** A flaw was found in the calendar:manageentries capability, which allowed managers to access or modify any calendar event. However, this capability should have been restricted from accessing user-level events. **Recommendations** For versions 3.11 to 3.11.4, restrict the calendar:manageentries capability to prevent managers from accessing user-level events. For versions 3.10 to 3.10.8, restrict the calendar:manageentries capability to prevent managers from accessing user-level events. For versions 3.9 to 3.9.11, restrict the calendar:manageentries capability to prevent managers from accessing user-level events. For versions earlier than 3.9, restrict the calendar:manageentries capability to prevent managers from accessing user-level events.