Vulnerability Details : CVE-2016-3732
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2016-3732
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 40 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-3732
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST |
|
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2016-3732
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3732
-
http://www.openwall.com/lists/oss-security/2016/05/17/4
oss-security - Moodle security release 3.0.4, 2.9.6, 2.8.12, 2.7.14Mailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1335933
1335933 – (CVE-2016-3729, CVE-2016-3731, CVE-2016-3732, CVE-2016-3733, CVE-2016-3734) CVE-2016-3729 CVE-2016-3731 CVE-2016-3732 CVE-2016-3733 CVE-2016-3734 moodle: Multiple vulnerabilities fixed in 3.Issue Tracking;Third Party Advisory
-
http://www.securitytracker.com/id/1035902
Moodle Bugs Let Remote Users Access and Modify Data and Conduct Cross-Site Request Forgery Attacks - SecurityTrackerThird Party Advisory;VDB Entry
Products affected by CVE-2016-3732
- cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.0.0:beta:*:*:*:*:*:*