CVE-2021-36400
First published: Mon Mar 06 2023(Updated: )
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
Credit: patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | <3.9.8 | |
| Moodle Moodle | >=3.10.0<3.10.5 | |
| Moodle Moodle | >=3.11.0<3.11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-36400?
CVE-2021-36400 is a vulnerability in Moodle that allows for the removal of other users' calendar URL subscriptions.
How does the vulnerability in Moodle work?
The vulnerability in Moodle is caused by insufficient capability checks, which allow an attacker to remove other users' calendar URL subscriptions.
What versions of Moodle are affected by CVE-2021-36400?
Versions 3.9.8, 3.10.0 to 3.10.5, and 3.11.0 to 3.11.1 of Moodle are affected by CVE-2021-36400.
What is the severity of CVE-2021-36400?
CVE-2021-36400 has a severity score of 5.3, making it a medium severity vulnerability.
How can I fix CVE-2021-36400 in Moodle?
To fix CVE-2021-36400 in Moodle, you should upgrade to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/3.10.0
- version/moodle moodle/3.11.0