CVE-2024-33996 Information

Description

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.

Reference

https://moodle.org/mod/forum/discuss.php?d=458384#p1840909