Vulnerability Bulletins

MSA-21-0042: IDOR in a calendar web service allows fetching of other users action events


System information

   
Affected software: PHP

Description

by Michael Hawkins.

Insufficient capability checks made it possible to fetch other users calendar action events.

Severity/Risk: Minor
Versions affected: 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions
Versions fixed: 3.11.4, 3.10.8 and 3.9.11
Reported by: 0xkasper
CVE identifier: CVE-2021-43560
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71918
Tracker issue: MDL-71918 IDOR in a calendar web service allows fetching of

More info:

https://moodle.org/mod/forum/discuss.php?d=429100&parent=1726807

Standard identifiers

Property Value
CVE CVE-2021-43560.

Version history

Version Comment Date
1.0 Advisory issued 2022-05-17