Ryan Herring

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.3.11 and earlier, 2.4.x before 2.4.9, 2.5.x before 2.5.5, 2.6.x before 2.6.2 **Description** The issue allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner. This is due to a session key being placed in a URL. **Recommendations** For versions 2.3.11 and earlier, update to a version later than 2.3.11. For versions 2.4.x before 2.4.9, update to version 2.4.9 or later. For versions 2.5.x before 2.5.5, update to version 2.5.5 or later. For versions 2.6.x before 2.6.2, update to version 2.6.2 or later.