Medium severity4.3NVD Advisory· Published Apr 20, 2017· Updated May 13, 2026
CVE-2016-3732
CVE-2016-3732
Description
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 3.0.0, < 3.0.4 | 3.0.4 |
moodle/moodlePackagist | >= 2.9.0, < 2.9.6 | 2.9.6 |
moodle/moodlePackagist | >= 2.8.0, < 2.8.12 | 2.8.12 |
moodle/moodlePackagist | >= 2.7.0, < 2.7.14 | 2.7.14 |
Affected products
44cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*+ 43 more
- cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.openwall.com/lists/oss-security/2016/05/17/4nvdMailing ListThird Party AdvisoryWEB
- www.securitytracker.com/id/1035902nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-5282-96ff-xx3hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-3732ghsaADVISORY
- web.archive.org/web/20210413170947/http://www.securitytracker.com/id/1035902ghsaWEB
News mentions
0No linked articles in our index yet.