MSA-19-0005: Logged in users could view all calendar events
|
Información sobre el sistema
|
|
|
Software afectado |
PHP |
Descripción
|
von Michael Hawkins. Permissions were not correctly checked before loading event information into the calendars edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)Severity/Risk:SeriousVersions affected:3.6 to 3.6.2, 3.5 to 3.5.4 and 3.4 to 3.4.7Versions fixed:3.6.3, 3.5.5 and 3.4.8Reported by:Juan LeyvaCVE identifier:CVE-2019-3848Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=384011&parent=1547743 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2019-3848. |