Moodle · Moodle · CVE-2012-2354
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.1.x through 2.1.5
Moodle versions 2.2.x through 2.2.2
**Description**
The issue allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages. This is achieved by using the "Recent conversations" feature with a modified parameter in a URL.
**Recommendations**
For Moodle versions 2.1.x through 2.1.5, update to version 2.1.6 or later.
For Moodle versions 2.2.x through 2.2.2, update to version 2.2.3 or later.