CVE-2016-3732

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.

Published: Apr 20, 2017
Updated: Nov 9, 2025
CVE: CVE-2016-3732
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
moodle / moodle	2.7.1	2.7.1.x
moodle / moodle	2.7.0-rc2	2.7.0-rc2.x
moodle / moodle	2.8.3	2.8.3.x
moodle / moodle	2.8.7	2.8.7.x
moodle / moodle	2.7.6	2.7.6.x
moodle / moodle	2.7.11	2.7.11.x
moodle / moodle	2.7.2	2.7.2.x
moodle / moodle	2.7.4	2.7.4.x
moodle / moodle	2.9.4	2.9.4.x
moodle / moodle	2.8.9	2.8.9.x
moodle / moodle	2.7.9	2.7.9.x
moodle / moodle	2.8.10	2.8.10.x
moodle / moodle	2.8.4	2.8.4.x
moodle / moodle	2.8.6	2.8.6.x
moodle / moodle	3.0.2	3.0.2.x
moodle / moodle	2.7.12	2.7.12.x
moodle / moodle	3.0.0-beta	3.0.0-beta.x
moodle / moodle	3.0.0-rc3	3.0.0-rc3.x
moodle / moodle	3.0.0-rc4	3.0.0-rc4.x
moodle / moodle	2.7.0-beta	2.7.0-beta.x
moodle / moodle	2.7.10	2.7.10.x
moodle / moodle	2.7.5	2.7.5.x
moodle / moodle	3.0.1	3.0.1.x
moodle / moodle	2.7.3	2.7.3.x
moodle / moodle	2.8.8	2.8.8.x
moodle / moodle	2.7.0	2.7.0.x
moodle / moodle	3.0.0-rc1	3.0.0-rc1.x
moodle / moodle	3.0.0	3.0.0.x
moodle / moodle	2.9.1	2.9.1.x
moodle / moodle	2.8.1	2.8.1.x
moodle / moodle	2.9.5	2.9.5.x
moodle / moodle	2.7.0-rc1	2.7.0-rc1.x
moodle / moodle	3.0.0-rc2	3.0.0-rc2.x
moodle / moodle	2.8.11	2.8.11.x
moodle / moodle	2.8.5	2.8.5.x
moodle / moodle	2.7.13	2.7.13.x
moodle / moodle	3.0.3	3.0.3.x
moodle / moodle	2.9.2	2.9.2.x
moodle / moodle	2.7.8	2.7.8.x
moodle / moodle	2.9.3	2.9.3.x
moodle / moodle	2.8.2	2.8.2.x
moodle / moodle	2.7.7	2.7.7.x
moodle / moodle	2.8.0	2.8.0.x
moodle / moodle	2.9.0	2.9.0.x

Vulnerability Database

314,373

CVE-2016-3732

Deep Security Visibility Without the Complexity