Description

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.

Remediation

References

CVE-2016-3732

Related Vulnerabilities

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5505)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Arbitrary File Upload (3.4.4)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-4893)

WordPress Plugin File Manager Cross-Site Scripting (2.9)

Grafana Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2022-39328)

Severity

Medium

Classification

CVE-2016-3732 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities