First published: Tue Mar 26 2019(Updated: )
A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | <3.4.8 | |
Moodle Moodle | >=3.5.0<3.5.5 | |
Moodle Moodle | >=3.6.0<3.6.3 | |
composer/moodle/moodle | >=3.6<3.6.3 | 3.6.3 |
composer/moodle/moodle | >=3.5<3.5.5 | 3.5.5 |
composer/moodle/moodle | >=3.4<3.4.8 | 3.4.8 |
<3.4.8 | ||
>=3.5.0<3.5.5 | ||
>=3.6.0<3.6.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.