{"id":"CVE-2022-0333","details":"A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.","aliases":["BIT-moodle-2022-0333","GHSA-m434-m5pv-p35w"],"modified":"2026-02-13T00:39:28.310345Z","published":"2022-01-25T20:15:08.803Z","references":[{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043663"},{"type":"ADVISORY","url":"https://moodle.org/mod/forum/discuss.php?d=431100"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043663"},{"type":"FIX","url":"https://moodle.org/mod/forum/discuss.php?d=431100"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moodle/moodle","events":[{"introduced":"500c131eb49771e36f68d151dfa37fef5a9bc2df"},{"fixed":"983c94d3410a86437f1f3a88cae099e8cd2b1002"},{"introduced":"94f2d3fc4b974c5c7d500988c56b7ca15f58d7ec"},{"fixed":"a59bec2a6f3c093ebe3b8eb0316c07188a4a339e"},{"introduced":"ec58cefefb2722f61f77c9a2b6a12d40a8c078a0"},{"fixed":"bdb0364a3d1ed1d7489966e03ad16aa4a4fd51d8"}]}],"versions":["v3.10.0","v3.10.0-beta","v3.10.0-rc1","v3.10.0-rc2","v3.10.1","v3.10.2","v3.10.3","v3.10.4","v3.10.5","v3.10.6","v3.10.7","v3.10.8","v3.11.0","v3.11.0-beta","v3.11.0-rc1","v3.11.0-rc2","v3.11.1","v3.11.2","v3.11.3","v3.11.4","v3.9.0","v3.9.1","v3.9.10","v3.9.11","v3.9.2","v3.9.3","v3.9.4","v3.9.5","v3.9.6","v3.9.7","v3.9.8","v3.9.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0333.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}]}