Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.
History

Thu, 10 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Moodle
Moodle moodle
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Vendors & Products Moodle
Moodle moodle

cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-02-12T10:51:44.652Z

Updated: 2024-08-01T18:40:21.074Z

Reserved: 2024-02-12T09:16:49.433Z

Link: CVE-2024-1439

cve-icon Vulnrichment

Updated: 2024-08-01T18:40:21.074Z

cve-icon NVD

Status : Modified

Published: 2024-02-12T11:15:08.147

Modified: 2024-11-21T08:50:35.387

Link: CVE-2024-1439

cve-icon Redhat

No data.