Moodle · Moodle · CVE-2016-8642
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.x through 3.x
**Description**
The issue is related to insufficient access control in the question engine service of the Moodle learning management system. This can allow a remote attacker to breach information confidentiality. The question engine allows access to files that should not be available.
**Recommendations**
For Moodle versions 2.x through 3.x, consider restricting access to the question engine service until a proper fix is applied.
As a temporary workaround, restrict access to sensitive files that should not be available through the question engine.