vulnerability

Moodle: Exposure of Resource to Wrong Sphere (CVE-2021-43560)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Nov 22, 2021	Nov 29, 2021	Nov 29, 2021

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Nov 22, 2021

Added

Nov 29, 2021

Modified

Nov 29, 2021

Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

Solutions

moodle-upgrade-3_10_8moodle-upgrade-3_11_4moodle-upgrade-3_9_11

References

CVE-2021-43560
https://attackerkb.com/topics/CVE-2021-43560
URL-https://bugzilla.redhat.com/show_bug.cgi?id=2021519
URL-https://moodle.org/mod/forum/discuss.php?d=429100

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today