CVE-2014-0129 | Vulnerability Database | Aqua Security

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	*	2.3.11 (including)
Moodle	Moodle	2.0.0 (including)	2.0.0 (including)
Moodle	Moodle	2.0.1 (including)	2.0.1 (including)
Moodle	Moodle	2.0.2 (including)	2.0.2 (including)
Moodle	Moodle	2.0.3 (including)	2.0.3 (including)
Moodle	Moodle	2.0.4 (including)	2.0.4 (including)
Moodle	Moodle	2.0.5 (including)	2.0.5 (including)
Moodle	Moodle	2.0.6 (including)	2.0.6 (including)
Moodle	Moodle	2.0.7 (including)	2.0.7 (including)
Moodle	Moodle	2.0.8 (including)	2.0.8 (including)
Moodle	Moodle	2.0.9 (including)	2.0.9 (including)
Moodle	Moodle	2.1.0 (including)	2.1.0 (including)
Moodle	Moodle	2.1.1 (including)	2.1.1 (including)
Moodle	Moodle	2.1.2 (including)	2.1.2 (including)
Moodle	Moodle	2.1.3 (including)	2.1.3 (including)
Moodle	Moodle	2.1.4 (including)	2.1.4 (including)
Moodle	Moodle	2.1.5 (including)	2.1.5 (including)
Moodle	Moodle	2.1.6 (including)	2.1.6 (including)
Moodle	Moodle	2.1.7 (including)	2.1.7 (including)
Moodle	Moodle	2.1.8 (including)	2.1.8 (including)
Moodle	Moodle	2.1.9 (including)	2.1.9 (including)
Moodle	Moodle	2.1.10 (including)	2.1.10 (including)
Moodle	Moodle	2.2.0 (including)	2.2.0 (including)
Moodle	Moodle	2.2.1 (including)	2.2.1 (including)
Moodle	Moodle	2.2.2 (including)	2.2.2 (including)
Moodle	Moodle	2.2.3 (including)	2.2.3 (including)
Moodle	Moodle	2.2.4 (including)	2.2.4 (including)
Moodle	Moodle	2.2.5 (including)	2.2.5 (including)
Moodle	Moodle	2.2.6 (including)	2.2.6 (including)
Moodle	Moodle	2.2.7 (including)	2.2.7 (including)
Moodle	Moodle	2.2.8 (including)	2.2.8 (including)
Moodle	Moodle	2.2.9 (including)	2.2.9 (including)
Moodle	Moodle	2.2.10 (including)	2.2.10 (including)
Moodle	Moodle	2.2.11 (including)	2.2.11 (including)
Moodle	Moodle	2.3.0 (including)	2.3.0 (including)
Moodle	Moodle	2.3.1 (including)	2.3.1 (including)
Moodle	Moodle	2.3.2 (including)	2.3.2 (including)
Moodle	Moodle	2.3.3 (including)	2.3.3 (including)
Moodle	Moodle	2.3.4 (including)	2.3.4 (including)
Moodle	Moodle	2.3.5 (including)	2.3.5 (including)
Moodle	Moodle	2.3.6 (including)	2.3.6 (including)
Moodle	Moodle	2.3.7 (including)	2.3.7 (including)
Moodle	Moodle	2.3.8 (including)	2.3.8 (including)
Moodle	Moodle	2.3.9 (including)	2.3.9 (including)
Moodle	Moodle	2.3.10 (including)	2.3.10 (including)
Moodle	Moodle	2.4.0 (including)	2.4.0 (including)
Moodle	Moodle	2.4.1 (including)	2.4.1 (including)
Moodle	Moodle	2.4.2 (including)	2.4.2 (including)
Moodle	Moodle	2.4.3 (including)	2.4.3 (including)
Moodle	Moodle	2.4.4 (including)	2.4.4 (including)
Moodle	Moodle	2.4.5 (including)	2.4.5 (including)
Moodle	Moodle	2.4.6 (including)	2.4.6 (including)
Moodle	Moodle	2.4.7 (including)	2.4.7 (including)
Moodle	Moodle	2.4.8 (including)	2.4.8 (including)
Moodle	Moodle	2.5.0 (including)	2.5.0 (including)
Moodle	Moodle	2.5.1 (including)	2.5.1 (including)
Moodle	Moodle	2.5.2 (including)	2.5.2 (including)
Moodle	Moodle	2.5.3 (including)	2.5.3 (including)
Moodle	Moodle	2.5.4 (including)	2.5.4 (including)
Moodle	Moodle	2.6.0 (including)	2.6.0 (including)
Moodle	Moodle	2.6.1 (including)	2.6.1 (including)
Moodle	Ubuntu	artful	*
Moodle	Ubuntu	lucid	*
Moodle	Ubuntu	precise	*
Moodle	Ubuntu	quantal	*
Moodle	Ubuntu	saucy	*
Moodle	Ubuntu	trusty	*
Moodle	Ubuntu	upstream	*
Moodle	Ubuntu	utopic	*
Moodle	Ubuntu	vivid	*
Moodle	Ubuntu	wily	*
Moodle	Ubuntu	yakkety	*
Moodle	Ubuntu	zesty	*

References

http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-44140
http://openwall.com/lists/oss-security/2014/03/17/1
https://moodle.org/mod/forum/discuss.php?d=256424

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0129
CWE	https://cwe.mitre.org/data/definitions/264.html