CVE-2021-43560
Summary
| CVE | CVE-2021-43560 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-22 16:15:00 UTC |
| Updated | 2022-12-21 15:01:00 UTC |
| Description | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. |
Risk And Classification
Problem Types: CWE-668
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Fedoraproject | Extra Packages For Enterprise Linux | 7.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Application | Fedoraproject | Fedora Extra Packages For Enterprise Linux | 7.0 | All | All | All |
| Application | Moodle | Moodle | All | All | All | All |
| Application | Moodle | Moodle | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Moodle.org: MSA-21-0042: IDOR in a calendar web service allows fetching of other users' action events | MISC | moodle.org | |
| 2021519 – (CVE-2021-43560, MSA-21-0042) CVE-2021-43560 moodle: IDOR in a calendar web service allows fetching of other users' action events | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.