First published: Tue Nov 09 2021(Updated: )
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
Credit: patrick@puiterwijk.org patrick@puiterwijk.org patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | <=3.8.8 | |
Moodle Moodle | >=3.9.0<3.9.11 | |
Moodle Moodle | >=3.10.0<3.10.8 | |
Moodle Moodle | >=3.11.0<3.11.4 | |
Fedoraproject Extra Packages For Enterprise Linux | =7.0 | |
Fedoraproject Fedora | =35 | |
composer/moodle/moodle | >=3.11<3.11.4 | 3.11.4 |
composer/moodle/moodle | >=3.10<3.10.8 | 3.10.8 |
composer/moodle/moodle | >=3.9<3.9.11 | 3.9.11 |
redhat/moodle | <3.11.4 | 3.11.4 |
redhat/moodle 3.10.8 and moodle | <3.9.11 | 3.9.11 |
<=3.8.8 | ||
>=3.9.0<3.9.11 | ||
>=3.10.0<3.10.8 | ||
>=3.11.0<3.11.4 | ||
=7.0 | ||
=35 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.