cvedb.io
CVE-2019-3848
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2019-03-26T18:29:00.733 · Last modified 2026-06-17T02:35:43.263

Summary

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.)

Affected products

moodle — moodle

Does this affect you?

Add your gear to cvedb and we'll alert you only when moodle ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.