Moodle is vulnerable to information disclosure. The library does not properly enforce the moodle/badges:viewbadges
capability, allowing an authenticated malicious user to view sensitive information through badges/overview.php
or badges/view.php
.