CVE-2016-3732

MEDIUM

Moodle <3.0.3, <2.9.5, <2.8.11, <2.7.13 - Info Disclosure

Title source: llm

Description

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.

References (3)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/05/17/4

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035902

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1335933

Scores

CVSS v3 4.3

EPSS 0.0013

EPSS Percentile 31.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (46)

n/a/n/a

moodle/moodle

... and 31 more

Timeline

Published Apr 20, 2017

Tracked Since Feb 18, 2026