Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2019-3848 - Vulnerability Database
Moodle

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2019-3848

Medium
Reference: CVE-2019-3848
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-3848
Title: Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

A vulnerability was found in moodle before versions 3.6.3 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar39s edit event modal popup so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access users could not edit the events.)