UBUNTU-CVE-2016-3729

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2016-3729
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-3729.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2016-3729
Upstream
Withdrawn
2025-07-18T16:43:28Z
Published
2017-04-20T21:59:00Z
Modified
2025-07-16T08:19:09.997056Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

References

Affected packages

Ubuntu:16.04:LTS / moodle

Package

Name
moodle
Purl
pkg:deb/ubuntu/moodle@3.0.3+dfsg-0ubuntu1?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.3+dfsg-0ubuntu1

Affected versions

2.*

2.7.9+dfsg-1
2.7.10+dfsg-1
2.7.11+dfsg-1
2.7.11+dfsg-2
2.7.12+dfsg-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "moodle",
            "binary_version": "3.0.3+dfsg-0ubuntu1"
        }
    ],
    "availability": "No subscription required"
}