PT-2022-13111 · Moodle+1
Oct0Pus7 · Published 2022-01-17 · Updated 2024-03-06 · CVE-2022-0333
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.11 to 3.11.4
Moodle versions 3.10 to 3.10.8
Moodle versions 3.9 to 3.9.11
Moodle versions earlier than 3.9
Description
A flaw was found in the calendar:manageentries capability: it allowed managers to access or modify any calendar event, although the capability should not have extended to user-level events.
Recommendations
For versions 3.11 to 3.11.4, restrict the calendar:manageentries capability to prevent managers from accessing user-level events.
For versions 3.10 to 3.10.8, restrict the calendar:manageentries capability to prevent managers from accessing user-level events.
For versions 3.9 to 3.9.11, restrict the calendar:manageentries capability to prevent managers from accessing user-level events.
For versions earlier than 3.9, restrict the calendar:manageentries capability to prevent managers from accessing user-level events.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Moodle