CVE-2022-0333

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.8 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
fedoraCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
moodlemoodle
𝑥
≤ 3.8.9
moodlemoodle
3.9.0 ≤
𝑥
< 3.9.12
moodlemoodle
3.10.0 ≤
𝑥
< 3.10.9
moodlemoodle
3.11.0 ≤
𝑥
< 3.11.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2043663
https://moodle.org/mod/forum/discuss.php?d=431100
https://bugzilla.redhat.com/show_bug.cgi?id=2043663
https://moodle.org/mod/forum/discuss.php?d=431100