CVE-2024-33996

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.

CVSS

No CVSS.

References

Link	Resource
https://moodle.org/mod/forum/discuss.php?d=458384#p1840909

Configurations

No configuration.

History

03 Jun 2024, 14:46

Type	Values Removed	Values Added
Summary		(es) La validación incorrecta de los tipos de eventos permitidos en un servicio web de calendario hizo posible que algunos usuarios crearan eventos con tipos/audiencias para los que no tenían permiso para publicar.

31 May 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-31 20:15

Updated : 2024-06-03 14:46

NVD link : CVE-2024-33996

Mitre link : CVE-2024-33996

CVE.ORG link : CVE-2024-33996

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

JSON object

Attach tags to CVE-2024-33996

Attach tags to `CVE-2024-33996`