Moodle is vulnerable to information disclosure. The attacks exist because the checking of whose badges are being viewed is not done in the correct context, allowing an authenticated user to discern the other users’ badges without their permissions.
www.openwall.com/lists/oss-security/2016/05/17/4
www.securitytracker.com/id/1035902
bugzilla.redhat.com/show_bug.cgi?id=1335933
git.moodle.org/gw?p=moodle.git;a=commit;h=b9cc7e01a1c4d86b866e45a7a38b0c09d13a4502
github.com/moodle/moodle/commit/b9cc7e01a1c4d86b866e45a7a38b0c09d13a4502#diff-61f83df71e9cf23e19a8dc34fdb4dc1bL37
security-tracker.debian.org/tracker/CVE-2016-3732