CVE-2024-33996

CVE-2024-33996: moodle: broken access control when setting calendar event type

Vendor Moodle

Product Moodle

Weakness CWE-20 · Input validation

Published May 31, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.

Key dates

02Disclosure timeline

May 31, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-33996 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2024-33996

CWE CWE-20

Affected versions

Vendor Moodle

Product Moodle

Affected ≥ 4.0 and ≤ 4.3.3

Vendor Moodle

Product Moodle

Affected ≥ 4.2 and ≤ 4.2.6

Vendor Moodle

Product Moodle

Affected ≥ 4.1 and ≤ 4.1.9

CVE-2024-33996: moodle: broken access control when setting calendar event type

01Description

02Disclosure timeline

03References

04Related CVE