Candidate: CVE-2019-3848
PublicDate: 2019-03-26 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3848
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848
 https://moodle.org/mod/forum/discuss.php?d=384011#p1547743
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64830
Description:
 A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8.
 Permissions were not correctly checked before loading event information
 into the calendar's edit event modal popup, so logged in non-guest users
 could view unauthorised calendar events. (Note: It was read-only access,
 users could not edit the events.)
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N [4.3 MEDIUM]


Patches_moodle:
upstream_moodle: needs-triage
precise/esm_moodle: DNE
trusty_moodle: not-affected (code not present)
trusty/esm_moodle: DNE (trusty was not-affected [code not present])
xenial_moodle: not-affected (code not present)
bionic_moodle: not-affected (code not present)
cosmic_moodle: not-affected (code not present)
devel_moodle: not-affected (code not present)