Vulnerabilities > CVE-2022-0333 - Incorrect Authorization vulnerability in Moodle

047910
CVSS 3.8 - LOW
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
moodle
CWE-863

Summary

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.

Vulnerable Configurations

Part Description Count
Application
Moodle
404

Common Weakness Enumeration (CWE)