GHSA-4qww-rxq6-x7gf
GitHub Security Advisory
Moodle broken access control when setting calendar event type
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
Affected Packages
Packagist
moodle/moodle
Affected versions:
4.3.0
(fixed in 4.3.4)
Packagist
moodle/moodle
Affected versions:
4.2.0
(fixed in 4.2.7)
Packagist
moodle/moodle
Affected versions:
0
(fixed in 4.1.10)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: September 12, 2025 6:34 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.