CVE-2022-0333

EUVD-2022-0641
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.8 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
moodlemoodle
𝑥
≤ 3.8.9
moodlemoodle
3.9.0 ≤
𝑥
< 3.9.12
moodlemoodle
3.10.0 ≤
𝑥
< 3.10.9
moodlemoodle
3.11.0 ≤
𝑥
< 3.11.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moodle
bionic
needs-triage
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2043663
https://moodle.org/mod/forum/discuss.php?d=431100
https://bugzilla.redhat.com/show_bug.cgi?id=2043663
https://moodle.org/mod/forum/discuss.php?d=431100