Exposure of Resource to Wrong Sphere
A flaw was found in Moodle in versions prior to 3.9.11, 3.10.x prior to 3.10.8, and 3.11.x prior to 3.11.4. Insufficient capability checks made it possible to fetch other users' calendar action events.
CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.