CVE-2016-3732
Published: 20 April 2017
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
moodle Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Needed
|
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
| upstream |
Needs triage
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Needed
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
|
|
Patches: upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53589 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |