Vulnerabilities > CVE-2021-36400 - Authorization Bypass Through User-Controlled Key vulnerability in Moodle

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

NVD

Published: 2023-03-06

Updated: 2023-03-13

Summary

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

Vulnerable Configurations

Part	Description	Count
Application	Moodle Moodle Moodle 3.11.0 Moodle Moodle 3.10.0 Moodle Moodle 3.10.1 Moodle Moodle 3.10.2 Moodle Moodle 3.10.3 Moodle Moodle 3.10.4 Moodle Moodle - Moodle Moodle 1.1.1 Moodle Moodle 1.2 Moodle Moodle 1.2.0 Moodle Moodle 1.2.1 Moodle Moodle 1.3 Moodle Moodle 1.3.0 Moodle Moodle 1.3.1 Moodle Moodle 1.3.2 Moodle Moodle 1.3.3 Moodle Moodle 1.3.4 Moodle Moodle 1.3.5 Moodle Moodle 1.4.0 Moodle Moodle 1.4.1 Moodle Moodle 1.4.2 Moodle Moodle 1.4.3 Moodle Moodle 1.4.4 Moodle Moodle 1.4.5 Moodle Moodle 1.5 Moodle Moodle 1.5.0 Moodle Moodle 1.5.1 Moodle Moodle 1.5.2 Moodle Moodle 1.5.3 Moodle Moodle 1.5.4 Moodle Moodle 1.6 Moodle Moodle 1.6.0 Moodle Moodle 1.6.1 Moodle Moodle 1.6.2 Moodle Moodle 1.6.3 Moodle Moodle 1.6.4 Moodle Moodle 1.6.5 Moodle Moodle 1.6.6 Moodle Moodle 1.6.7 Moodle Moodle 1.6.8 Moodle Moodle 1.6.9 Moodle Moodle 1.7 Moodle Moodle 1.7.0 Moodle Moodle 1.7.1 Moodle Moodle 1.7.2 Moodle Moodle 1.7.3 Moodle Moodle 1.7.4 Moodle Moodle 1.7.5 Moodle Moodle 1.7.6 Moodle Moodle 1.7.7 Moodle Moodle 1.8 Moodle Moodle 1.8.0 Moodle Moodle 1.8.1 Moodle Moodle 1.8.2 Moodle Moodle 1.8.3 Moodle Moodle 1.8.4 Moodle Moodle 1.8.5 Moodle Moodle 1.8.6 Moodle Moodle 1.8.7 Moodle Moodle 1.8.8 Moodle Moodle 1.8.9 Moodle Moodle 1.8.10 Moodle Moodle 1.8.11 Moodle Moodle 1.8.12 Moodle Moodle 1.8.13 Moodle Moodle 1.8.14 Moodle Moodle 1.9 Moodle Moodle 1.9.0 Moodle Moodle 1.9.1 Moodle Moodle 1.9.2 Moodle Moodle 1.9.3 Moodle Moodle 1.9.4 Moodle Moodle 1.9.5 Moodle Moodle 1.9.6 Moodle Moodle 1.9.7 Moodle Moodle 1.9.8 Moodle Moodle 1.9.9 Moodle Moodle 1.9.10 Moodle Moodle 1.9.11 Moodle Moodle 1.9.12 Moodle Moodle 1.9.13 Moodle Moodle 1.9.14 Moodle Moodle 1.9.15 Moodle Moodle 1.9.16 Moodle Moodle 1.9.17 Moodle Moodle 1.9.18 Moodle Moodle 1.9.19 Moodle Moodle 2.0 Moodle Moodle 2.0.0 Moodle Moodle 2.0.1 Moodle Moodle 2.0.2 Moodle Moodle 2.0.3 Moodle Moodle 2.0.4 Moodle Moodle 2.0.5 Moodle Moodle 2.0.6 Moodle Moodle 2.0.7 Moodle Moodle 2.0.8 Moodle Moodle 2.0.9 Moodle Moodle 2.0.10 Moodle Moodle 2.1 Moodle Moodle 2.1.0 Moodle Moodle 2.1.1 Moodle Moodle 2.1.2 Moodle Moodle 2.1.3 Moodle Moodle 2.1.4 Moodle Moodle 2.1.5 Moodle Moodle 2.1.6 Moodle Moodle 2.1.7 Moodle Moodle 2.1.8 Moodle Moodle 2.1.9 Moodle Moodle 2.1.10 Moodle Moodle 2.2 Moodle Moodle 2.2.0 Moodle Moodle 2.2.1 Moodle Moodle 2.2.2 Moodle Moodle 2.2.3 Moodle Moodle 2.2.4 Moodle Moodle 2.2.5 Moodle Moodle 2.2.6 Moodle Moodle 2.2.7 Moodle Moodle 2.2.8 Moodle Moodle 2.2.9 Moodle Moodle 2.2.10 Moodle Moodle 2.2.11 Moodle Moodle 2.3 Moodle Moodle 2.3.0 Moodle Moodle 2.3.1 Moodle Moodle 2.3.2 Moodle Moodle 2.3.3 Moodle Moodle 2.3.4 Moodle Moodle 2.3.5 Moodle Moodle 2.3.6 Moodle Moodle 2.3.7 Moodle Moodle 2.3.8 Moodle Moodle 2.3.9 Moodle Moodle 2.3.10 Moodle Moodle 2.3.11 Moodle Moodle 2.4 Moodle Moodle 2.4.0 Moodle Moodle 2.4.1 Moodle Moodle 2.4.2 Moodle Moodle 2.4.3 Moodle Moodle 2.4.4 Moodle Moodle 2.4.5 Moodle Moodle 2.4.6 Moodle Moodle 2.4.7 Moodle Moodle 2.4.8 Moodle Moodle 2.4.9 Moodle Moodle 2.4.10 Moodle Moodle 2.4.11 Moodle Moodle 2.5 Moodle Moodle 2.5.0 Moodle Moodle 2.5.1 Moodle Moodle 2.5.2 Moodle Moodle 2.5.3 Moodle Moodle 2.5.4 Moodle Moodle 2.5.5 Moodle Moodle 2.5.6 Moodle Moodle 2.5.7 Moodle Moodle 2.5.8 Moodle Moodle 2.5.9 Moodle Moodle 2.6 Moodle Moodle 2.6.0 Moodle Moodle 2.6.1 Moodle Moodle 2.6.2 Moodle Moodle 2.6.3 Moodle Moodle 2.6.4 Moodle Moodle 2.6.5 Moodle Moodle 2.6.6 Moodle Moodle 2.6.7 Moodle Moodle 2.6.8 Moodle Moodle 2.6.9 Moodle Moodle 2.6.10 Moodle Moodle 2.6.11 Moodle Moodle 2.7 Moodle Moodle 2.7.0 Moodle Moodle 2.7.1 Moodle Moodle 2.7.2 Moodle Moodle 2.7.3 Moodle Moodle 2.7.4 Moodle Moodle 2.7.5 Moodle Moodle 2.7.6 Moodle Moodle 2.7.7 Moodle Moodle 2.7.8 Moodle Moodle 2.7.9 Moodle Moodle 2.7.10 Moodle Moodle 2.7.11 Moodle Moodle 2.7.12 Moodle Moodle 2.7.13 Moodle Moodle 2.7.14 Moodle Moodle 2.7.15 Moodle Moodle 2.7.16 Moodle Moodle 2.7.17 Moodle Moodle 2.7.18 Moodle Moodle 2.7.19 Moodle Moodle 2.7.20 Moodle Moodle 2.8 Moodle Moodle 2.8.0 Moodle Moodle 2.8.1 Moodle Moodle 2.8.2 Moodle Moodle 2.8.3 Moodle Moodle 2.8.4 Moodle Moodle 2.8.5 Moodle Moodle 2.8.6 Moodle Moodle 2.8.7 Moodle Moodle 2.8.8 Moodle Moodle 2.8.9 Moodle Moodle 2.8.10 Moodle Moodle 2.8.11 Moodle Moodle 2.8.12 Moodle Moodle 2.9 Moodle Moodle 2.9.0 Moodle Moodle 2.9.1 Moodle Moodle 2.9.2 Moodle Moodle 2.9.3 Moodle Moodle 2.9.4 Moodle Moodle 2.9.5 Moodle Moodle 2.9.6 Moodle Moodle 2.9.7 Moodle Moodle 2.9.8 Moodle Moodle 2.9.9 Moodle Moodle 3.0 Moodle Moodle 3.0.0 Moodle Moodle 3.0.1 Moodle Moodle 3.0.2 Moodle Moodle 3.0.3 Moodle Moodle 3.0.4 Moodle Moodle 3.0.5 Moodle Moodle 3.0.6 Moodle Moodle 3.0.7 Moodle Moodle 3.0.8 Moodle Moodle 3.0.9 Moodle Moodle 3.0.10 Moodle Moodle 3.1 Moodle Moodle 3.1.0 Moodle Moodle 3.1.1 Moodle Moodle 3.1.2 Moodle Moodle 3.1.3 Moodle Moodle 3.1.4 Moodle Moodle 3.1.5 Moodle Moodle 3.1.6 Moodle Moodle 3.1.7 Moodle Moodle 3.1.8 Moodle Moodle 3.1.9 Moodle Moodle 3.1.10 Moodle Moodle 3.1.11 Moodle Moodle 3.1.12 Moodle Moodle 3.1.13 Moodle Moodle 3.1.14 Moodle Moodle 3.1.15 Moodle Moodle 3.1.16 Moodle Moodle 3.1.17 Moodle Moodle 3.1.18 Moodle Moodle 3.2 Moodle Moodle 3.2.0 Moodle Moodle 3.2.1 Moodle Moodle 3.2.2 Moodle Moodle 3.2.3 Moodle Moodle 3.2.4 Moodle Moodle 3.2.5 Moodle Moodle 3.2.6 Moodle Moodle 3.2.7 Moodle Moodle 3.2.8 Moodle Moodle 3.2.9 Moodle Moodle 3.3 Moodle Moodle 3.3.0 Moodle Moodle 3.3.1 Moodle Moodle 3.3.2 Moodle Moodle 3.3.3 Moodle Moodle 3.3.4 Moodle Moodle 3.3.5 Moodle Moodle 3.3.6 Moodle Moodle 3.3.7 Moodle Moodle 3.3.8 Moodle Moodle 3.3.9 Moodle Moodle 3.4 Moodle Moodle 3.4.0 Moodle Moodle 3.4.1 Moodle Moodle 3.4.2 Moodle Moodle 3.4.3 Moodle Moodle 3.4.4 Moodle Moodle 3.4.5 Moodle Moodle 3.4.6 Moodle Moodle 3.4.7 Moodle Moodle 3.4.8 Moodle Moodle 3.4.9 Moodle Moodle 3.5 Moodle Moodle 3.5.0 Moodle Moodle 3.5.1 Moodle Moodle 3.5.2 Moodle Moodle 3.5.3 Moodle Moodle 3.5.4 Moodle Moodle 3.5.5 Moodle Moodle 3.5.6 Moodle Moodle 3.5.7 Moodle Moodle 3.5.8 Moodle Moodle 3.5.9 Moodle Moodle 3.5.10 Moodle Moodle 3.5.11 Moodle Moodle 3.5.12 Moodle Moodle 3.5.13 Moodle Moodle 3.5.14 Moodle Moodle 3.5.15 Moodle Moodle 3.5.16 Moodle Moodle 3.5.17 Moodle Moodle 3.5.18 Moodle Moodle 3.6.0 Moodle Moodle 3.6.1 Moodle Moodle 3.6.2 Moodle Moodle 3.6.3 Moodle Moodle 3.6.4 Moodle Moodle 3.6.5 Moodle Moodle 3.6.6 Moodle Moodle 3.6.7 Moodle Moodle 3.6.8 Moodle Moodle 3.6.9 Moodle Moodle 3.6.10 Moodle Moodle 3.7 Moodle Moodle 3.7.0 Moodle Moodle 3.7.1 Moodle Moodle 3.7.2 Moodle Moodle 3.7.3 Moodle Moodle 3.7.4 Moodle Moodle 3.7.5 Moodle Moodle 3.7.6 Moodle Moodle 3.7.7 Moodle Moodle 3.7.8 Moodle Moodle 3.7.9 Moodle Moodle 3.8.0 Moodle Moodle 3.8.1 Moodle Moodle 3.8.2 Moodle Moodle 3.8.3 Moodle Moodle 3.8.4 Moodle Moodle 3.8.5 Moodle Moodle 3.8.6 Moodle Moodle 3.8.7 Moodle Moodle 3.8.8 Moodle Moodle 3.8.9 Moodle Moodle 3.9.0 Moodle Moodle 3.9.1 Moodle Moodle 3.9.2 Moodle Moodle 3.9.3 Moodle Moodle 3.9.4 Moodle Moodle 3.9.5 Moodle Moodle 3.9.6 Moodle Moodle 3.9.7	393

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://moodle.org/mod/forum/discuss.php?d=424806

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.