CVE-2019-3848

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-3848

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3848.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-3848

Aliases

GHSA-45rw-4r25-jvg7

Published

2019-03-26T18:29:00.733Z

Modified

2026-03-12T23:21:17.864380Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

Fixed

52bd62f2be983a1b8afb26b0f9bd08c60cbfd2e6

Introduced

46574904afd39578fa4146bf1fc5c401ac680aa6

Fixed

5e878219fbe7ab63d2a54ed02aff63443fb83192

Introduced

cb628a9a08933c2a9f1eae2f3be70ea5d343b419

Fixed

4d3a32dde97e964ad4512c35d15a1784c69c247e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.8"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "fixed": "3.5.5"
        },
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.6.3"
        }
    ]
}

Affected versions

v3.*

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.6.0

v3.6.0-beta

v3.6.0-rc1

v3.6.0-rc2

v3.6.0-rc3

v3.6.1

v3.6.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3848.json"