CVE-2021-43560

MEDIUM

Moodle <3.11.3-3.9.10 - Info Disclosure

Title source: llm

Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

References (2)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2021519

[Patch, Vendor Advisory] https://moodle.org/mod/forum/discuss.php?d=429100

Scores

CVSS v3 5.3

EPSS 0.0016

EPSS Percentile 36.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-668 CWE-863

Status published

Affected Products (4)

moodle/moodle < 3.8.8

fedoraproject/extra_packages_for_enterprise_linux

fedoraproject/fedora

moodle/moodle < 3.9.11Packagist

Timeline

Published Nov 22, 2021

Tracked Since Feb 18, 2026