Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.
Metrics
Affected Vendors & Products
References
History
Thu, 10 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Moodle
Moodle moodle |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* | |
Vendors & Products |
Moodle
Moodle moodle |
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2024-02-12T10:51:44.652Z
Updated: 2024-08-01T18:40:21.074Z
Reserved: 2024-02-12T09:16:49.433Z
Link: CVE-2024-1439
Vulnrichment
Updated: 2024-08-01T18:40:21.074Z
NVD
Status : Modified
Published: 2024-02-12T11:15:08.147
Modified: 2024-11-21T08:50:35.387
Link: CVE-2024-1439
Redhat
No data.