CVE-2024-33996

May 31, 2024, 8:15 p.m.

Tags

CWE-20
patrick@puiterwijk.org
2024-05-31
CVE-2024-33996

Product(s) Impacted

Calendar Web Service

Description

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.

Weaknesses

Date

Published: May 31, 2024, 8:15 p.m.

Last Modified: May 31, 2024, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

patrick@puiterwijk.org

References

https://moodle.org/mod/forum/discuss.php?d=458384#p1840909
patrick@puiterwijk.org