What the vulnerability does
Description
Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Calendar: from n/a through <= 3.6.16.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
My Calendar versions 3.6.16 and earlier lack proper authorization checks, allowing authenticated users with low privileges to modify calendar data they should not have access to. The vulnerability requires a valid user account but no special interaction. Integrity of calendar events and settings can be compromised by unauthorized modification.
What an attacker can do
Modify calendar events and settings without proper authorization.
Potential impact on your site
Unauthorized users can alter or corrupt calendar content, affecting event accuracy and site reliability.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources