Charles Fulton

**Name of the Vulnerable Software and Affected Versions** Moodle version 3.3 **Description** The course overview block in Moodle reveals activities in hidden courses, potentially exposing sensitive information. **Recommendations** For Moodle version 3.3, consider hiding the course overview block to prevent the disclosure of activities in hidden courses until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.2.x through 2.2.6 Moodle versions 2.3.x through 2.3.3 Moodle versions 2.4.x through 2.4.0 **Description** The issue allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed from the blog/rsslib.php file. **Recommendations** For Moodle versions 2.2.x through 2.2.6, update to version 2.2.7 or later. For Moodle versions 2.3.x through 2.3.3, update to version 2.3.4 or later. For Moodle versions 2.4.x through 2.4.0, update to version 2.4.1 or later.