Alex Mitin

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.5.9 and earlier Moodle versions 2.6.x before 2.6.11 Moodle versions 2.7.x before 2.7.8 Moodle versions 2.8.x before 2.8.6 **Description** The issue allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. This is related to a lack of protection for internal data in the lib/navigationlib.php component of the Moodle learning management system. An attacker can exploit this issue to gain access to protected information using a student account. **Recommendations** For Moodle versions 2.5.9 and earlier, update to a version later than 2.5.9. For Moodle versions 2.6.x before 2.6.11, update to version 2.6.11 or later. For Moodle versions 2.7.x before 2.7.8, update to version 2.7.8 or later. For Moodle versions 2.8.x before 2.8.6, update to version 2.8.6 or later.