Description
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.
Remediation
References
Related Vulnerabilities
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508)
Joomla! Core Security Bypass (2.5.0 - 3.9.19)
WordPress Plugin WP Editor.md Cross-Site Scripting (10.0.1)
Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-38887)
Drupal Core 8.x.x Multiple Security Bypass Vulnerabilities (8.0.0 - 8.8.12)