Описание
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| hardy | ignored | end of life |
| lucid | not-affected | 1.9.4.dfsg-0ubuntu4 |
| oneiric | not-affected | 1.9.9.dfsg2-3 |
| precise | not-affected | 1.9.9.dfsg2-6 |
| quantal | not-affected | 2.2.3.dfsg-2.3 |
| upstream | released | 2.4.1 |
Показывать по
EPSS
5.5 Medium
CVSS2
Связанные уязвимости
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object.
calendar/managesubscriptions.php in the Manage Subscriptions implement ...
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object.
EPSS
5.5 Medium
CVSS2