Unauthorized Event Creation Due to Incorrect Validation
CVE-2024-33996

Currently unrated

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 31 May 2024

Summary

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.

Affected Version(s)

Moodle 4.0 <= 4.3.3

Moodle 4.2 <= 4.2.6

Moodle 4.1 <= 4.1.9

References

https://moodle.org/mod/forum/discuss.php?d=458384#p1840909

Timeline

Vulnerability published
May 31, 2024
Vulnerability Reserved
Apr 29, 2024