CVE-2021-43560
First published: Tue Nov 09 2021(Updated: )
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
Credit: patrick@puiterwijk.org patrick@puiterwijk.org patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/moodle/moodle | >=3.11<3.11.4 | 3.11.4 |
| composer/moodle/moodle | >=3.10<3.10.8 | 3.10.8 |
| composer/moodle/moodle | >=3.9<3.9.11 | 3.9.11 |
| redhat/moodle | <3.11.4 | 3.11.4 |
| redhat/moodle 3.10.8 and moodle | <3.9.11 | 3.9.11 |
| Moodle | <=3.8.8 | |
| Moodle | >=3.9.0<3.9.11 | |
| Moodle | >=3.10.0<3.10.8 | |
| Moodle | >=3.11.0<3.11.4 | |
| Fedora EPEL | =7.0 | |
| Fedora | =35 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2021519
- https://moodle.org/mod/forum/discuss.php?d=429100
- https://nvd.nist.gov/vuln/detail/CVE-2021-43560
- https://github.com/advisories/GHSA-g39c-mccf-rxjv (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2023831
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2023830
Frequently Asked Questions
What is the severity of CVE-2021-43560?
CVE-2021-43560 has a medium severity due to insufficient capability checks allowing unauthorized access to other users' calendar actions.
How do I fix CVE-2021-43560?
You can fix CVE-2021-43560 by upgrading to Moodle version 3.11.4, 3.10.8, or 3.9.11.
Which versions of Moodle are affected by CVE-2021-43560?
Moodle versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10, and earlier unsupported versions are affected by CVE-2021-43560.
What type of vulnerability is CVE-2021-43560?
CVE-2021-43560 is a security vulnerability that pertains to insufficient capability checks in the Moodle calendar feature.
Who should be concerned about CVE-2021-43560?
Administrators of Moodle installations running the affected versions should be concerned about CVE-2021-43560 and take action to secure their systems.
- agent/weakness
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-g39c-mccf-rxjv
- alias/CVE-2021-43560
- agent/software-canonical-lookup
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- package-manager/composer
- package-manager/redhat
- vendor/moodle
- canonical/moodle
- version/moodle/3.8.8
- version/moodle/3.9.0
- version/moodle/3.10.0
- version/moodle/3.11.0
- vendor/fedoraproject
- canonical/fedora epel
- version/fedora epel/7.0
- canonical/fedora
- version/fedora/35