Описание
Moodle Insecure direct object reference (IDOR) in a calendar web service
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
Пакеты
moodle/moodle
>= 3.9, < 3.9.11
3.9.11
moodle/moodle
>= 3.10, < 3.10.8
3.10.8
moodle/moodle
>= 3.11, < 3.11.4
3.11.4
Связанные уязвимости
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...
Уязвимость системы управления Moodle, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить привилегии