{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41756?format=json","vulnerability_id":"VCID-164m-humk-1fe3","summary":"Exposure of Resource to Wrong Sphere\nInsufficient capability checks made it possible to fetch other users' calendar action events.","aliases":[{"alias":"CVE-2021-43560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59625?format=json","purl":"pkg:composer/moodle/moodle@3.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/59620?format=json","purl":"pkg:composer/moodle/moodle@3.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hk13-uc46-87h1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/59621?format=json","purl":"pkg:composer/moodle/moodle@3.10.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/59622?format=json","purl":"pkg:composer/moodle/moodle@3.11.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59624?format=json","purl":"pkg:composer/moodle/moodle@3.8.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164m-humk-1fe3"},{"vulnerability":"VCID-p3ge-1cqt-tufw"},{"vulnerability":"VCID-u32t-89zc-v3gj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/59614?format=json","purl":"pkg:composer/moodle/moodle@3.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164m-humk-1fe3"},{"vulnerability":"VCID-1kfj-2zwf-vbfp"},{"vulnerability":"VCID-2cdg-m3pq-ufe5"},{"vulnerability":"VCID-2jta-hqah-d7cf"},{"vulnerability":"VCID-33ss-gb34-8ke5"},{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-5rk8-v6bb-6ugh"},{"vulnerability":"VCID-b994-r5mw-3fbg"},{"vulnerability":"VCID-bju3-sj3y-83e3"},{"vulnerability":"VCID-cs5n-4bst-zfcj"},{"vulnerability":"VCID-efq2-s2df-pqa1"},{"vulnerability":"VCID-gepg-y7ud-cuds"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-hsk6-h5ky-g3cx"},{"vulnerability":"VCID-n7d3-j3jn-rqfc"},{"vulnerability":"VCID-p3ge-1cqt-tufw"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"},{"vulnerability":"VCID-s7pu-hgz5-zfbq"},{"vulnerability":"VCID-taab-hupu-huf9"},{"vulnerability":"VCID-u32t-89zc-v3gj"},{"vulnerability":"VCID-utsj-g57g-cbeb"},{"vulnerability":"VCID-zf4q-a4cz-y7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59616?format=json","purl":"pkg:composer/moodle/moodle@3.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164m-humk-1fe3"},{"vulnerability":"VCID-1kfj-2zwf-vbfp"},{"vulnerability":"VCID-233t-s5y8-4yg5"},{"vulnerability":"VCID-2cdg-m3pq-ufe5"},{"vulnerability":"VCID-2jta-hqah-d7cf"},{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-bju3-sj3y-83e3"},{"vulnerability":"VCID-cs5n-4bst-zfcj"},{"vulnerability":"VCID-efq2-s2df-pqa1"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-j1s3-fyue-2kfy"},{"vulnerability":"VCID-n7d3-j3jn-rqfc"},{"vulnerability":"VCID-p3ge-1cqt-tufw"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"},{"vulnerability":"VCID-taab-hupu-huf9"},{"vulnerability":"VCID-u32t-89zc-v3gj"},{"vulnerability":"VCID-zf4q-a4cz-y7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59618?format=json","purl":"pkg:composer/moodle/moodle@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164m-humk-1fe3"},{"vulnerability":"VCID-1kfj-2zwf-vbfp"},{"vulnerability":"VCID-1wzm-dhqv-43bj"},{"vulnerability":"VCID-233t-s5y8-4yg5"},{"vulnerability":"VCID-24bp-c9yc-gua4"},{"vulnerability":"VCID-2trf-n9r4-ykgg"},{"vulnerability":"VCID-2z6d-qf96-kyb4"},{"vulnerability":"VCID-33ss-gb34-8ke5"},{"vulnerability":"VCID-3ept-fdps-5fe5"},{"vulnerability":"VCID-4c9d-jf9g-u3gn"},{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-5bfe-hk7m-7bh6"},{"vulnerability":"VCID-5q1e-b4e8-jbc8"},{"vulnerability":"VCID-5rk8-v6bb-6ugh"},{"vulnerability":"VCID-7rqc-eepq-43ds"},{"vulnerability":"VCID-7x6e-qege-ufdv"},{"vulnerability":"VCID-8d9n-ejbb-7fa1"},{"vulnerability":"VCID-9uem-p6k3-nqdb"},{"vulnerability":"VCID-b994-r5mw-3fbg"},{"vulnerability":"VCID-cbzx-gnhr-pfap"},{"vulnerability":"VCID-d8gp-tuxy-3qdf"},{"vulnerability":"VCID-dvrf-62nt-2kdp"},{"vulnerability":"VCID-gepg-y7ud-cuds"},{"vulnerability":"VCID-gr4h-n82f-zkg2"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-hsk6-h5ky-g3cx"},{"vulnerability":"VCID-jarn-rtuz-wucq"},{"vulnerability":"VCID-jfsu-ya7r-h3e1"},{"vulnerability":"VCID-p3ge-1cqt-tufw"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"},{"vulnerability":"VCID-s7pu-hgz5-zfbq"},{"vulnerability":"VCID-taab-hupu-huf9"},{"vulnerability":"VCID-u32t-89zc-v3gj"},{"vulnerability":"VCID-utsj-g57g-cbeb"},{"vulnerability":"VCID-x1pc-1kuc-kug2"},{"vulnerability":"VCID-yxag-fghx-47ej"},{"vulnerability":"VCID-zf4q-a4cz-y7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0"}],"references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021519","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021519"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=429100","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=429100"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43560","reference_id":"CVE-2021-43560","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43560"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":668,"name":"Exposure of Resource to Wrong Sphere","description":"The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-164m-humk-1fe3"}