CVE-2021-43560

MEDIUM5.3EPSS 0.16%

Moodle Insecure direct object reference (IDOR) in a calendar web service

發布日:2022/5/24修改日:2025/4/3

描述

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

受影響套件(2)

Bitnami/moodlefrom 0, < 3.8.9, >= 3.9.0, < 3.9.11, >= 3.10.0, < 3.10.8, >= 3.11.0, < 3.11.4
Packagist/moodle/moodle>= 3.9, < 3.9.11

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-43560
PATCHhttps://github.com/moodle/moodle
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2021519
WEBhttps://moodle.org/mod/forum/discuss.php?d=429100