GHSA-g39c-mccf-rxjv

GitHub Security Advisory

Moodle Insecure direct object reference (IDOR) in a calendar web service

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

Affected Packages

Packagist moodle/moodle, affected versions: 3.9 (fixed in 3.9.11)
Packagist moodle/moodle, affected versions: 3.10 (fixed in 3.10.8)
Packagist moodle/moodle, affected versions: 3.11 (fixed in 3.11.4)

Related CVEs

Key Information

GHSA ID: GHSA-g39c-mccf-rxjv
Published: May 24, 2022 7:21 PM
Last Modified: April 23, 2024 11:38 PM
CVSS Score: 5.0/10
Primary Ecosystem: Packagist
Primary Package: moodle/moodle
GitHub Reviewed: ✓ Yes

Dataset

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.