Barry Oosthuizen

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.5.9 and earlier Moodle versions 2.6.x before 2.6.9 Moodle versions 2.7.x before 2.7.6 Moodle versions 2.8.x before 2.8.4 **Description** The issue is related to the lack of protection for service data in the message/index.php component of the Moodle learning management system. This allows a remote authenticated user to obtain sensitive personal contact and unread message count information by modifying a URL. **Recommendations** For Moodle versions 2.5.9 and earlier, update to a version later than 2.5.9. For Moodle versions 2.6.x before 2.6.9, update to version 2.6.9 or later. For Moodle versions 2.7.x before 2.7.6, update to version 2.7.6 or later. For Moodle versions 2.8.x before 2.8.4, update to version 2.8.4 or later.