
Patrick Pollet

#46386 of 53,638
5.5 CVSS total
Vulnerabilities · 1
PT-2012-1833
5.5
2012-07-16
Moodle · Moodle · CVE-2011-4285
**Name of the Vulnerable Software and Affected Versions**

Moodle versions prior to 2.0.2 (2.0.0 through 2.0.1). Moodle version 2.0.2 is not affected.

**Description**

The issue is related to an incorrect setting of the `moodle/course:delete` capability in the default configuration. This allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

**Recommendations**

For Moodle versions prior to 2.0.2, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the `moodle/course:delete` capability for the teacher role until a patch is applied.