Main Vulnerability Database Vulnerabilities #VU39160

Information disclosure in Moodle - CVE-2016-3732

Published: April 21, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39160

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-3732

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.

How to mitigate CVE-2016-3732

Install update from vendor's website.

Sources

http://www.openwall.com/lists/oss-security/2016/05/17/4
http://www.securitytracker.com/id/1035902
https://bugzilla.redhat.com/show_bug.cgi?id=1335933

Information disclosure in Moodle - CVE-2016-3732

Detailed vulnerability description

How to mitigate CVE-2016-3732

Sources

Please verify you're human