VYPR
High severity7.3NVD Advisory· Published Jan 20, 2017· Updated Jun 17, 2026

CVE-2016-7038

CVE-2016-7038

Description

In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
moodle/moodlePackagist
>= 2.7, < 2.7.162.7.16
moodle/moodlePackagist
>= 2.9, < 2.9.82.9.8
moodle/moodlePackagist
>= 3.0, < 3.0.63.0.6
moodle/moodlePackagist
>= 3.1, < 3.1.23.1.2

Affected products

31
  • Moodle/Moodle30 versions
    cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=2.7.15
    • cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.9.7:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2.7, < 2.7.16

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.