{"api_version":"1","generated_at":"2026-04-23T02:20:14+00:00","cve":"CVE-2021-43560","urls":{"html":"https://cve.report/CVE-2021-43560","api":"https://cve.report/api/cve/CVE-2021-43560.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-43560","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-43560"},"summary":{"title":"CVE-2021-43560","description":"A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.","state":"PUBLIC","assigner":"patrick@puiterwijk.org","published_at":"2021-11-22 16:15:00","updated_at":"2022-12-21 15:01:00"},"problem_types":["CWE-668"],"metrics":[],"references":[{"url":"https://moodle.org/mod/forum/discuss.php?d=429100","name":"https://moodle.org/mod/forum/discuss.php?d=429100","refsource":"MISC","tags":[],"title":"Moodle.org: MSA-21-0042: IDOR in a calendar web service allows fetching of other users' action events","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021519","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2021519","refsource":"MISC","tags":[],"title":"2021519 – (CVE-2021-43560, MSA-21-0042) CVE-2021-43560 moodle: IDOR in a calendar web service allows fetching of other users' action events","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-43560","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43560","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"43560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fedoraproject","cpe5":"extra_packages_for_enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"fedoraproject","cpe5":"fedora_extra_packages_for_enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43560","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43560","vulnerable":"1","versionEndIncluding":"3.8.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-43560","ASSIGNER":"patrick@puiterwijk.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"moodle","version":{"version_data":[{"version_value":"moodle 3.11.4, moodle 3.10.8 and moodle 3.9.11"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-863"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2021519","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021519"},{"refsource":"MISC","name":"https://moodle.org/mod/forum/discuss.php?d=429100","url":"https://moodle.org/mod/forum/discuss.php?d=429100"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events."}]}},"nvd":{"publishedDate":"2021-11-22 16:15:00","lastModifiedDate":"2022-12-21 15:01:00","problem_types":["CWE-668"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11.0","versionEndExcluding":"3.11.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.9.0","versionEndExcluding":"3.9.11","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.0","versionEndExcluding":"3.10.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.8","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"43560","Ordinal":"220628","Title":"CVE-2021-43560","CVE":"CVE-2021-43560","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"43560","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}