CVE-2016-2156

Name of the Vulnerable Software and Affected Versions Moodle versions 2.6.11 and earlier, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, 3.0.x before 3.0.3

Description The issue allows remote authenticated users to obtain sensitive information via a web-service request. This occurs because the calendar/externallib.php file provides calendar-event data without considering whether an activity is hidden.

Recommendations For versions 2.6.11 and earlier, update to version 2.7.13 or later. For versions 2.7.x before 2.7.13, update to version 2.7.13 or later. For versions 2.8.x before 2.8.11, update to version 2.8.11 or later. For versions 2.9.x before 2.9.5, update to version 2.9.5 or later. For versions 3.0.x before 3.0.3, update to version 3.0.3 or later.