Daniel Konrad

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.8 to 3.8.8 Moodle versions 3.9 to 3.9.6 Moodle versions 3.10 to 3.10.3 **Description** The issue is related to information disclosure. Exploitation of this issue could allow a remote attacker to gain unauthorized access to protected information in CSV format. Specifically, teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. **Recommendations** For Moodle versions 3.8 to 3.8.8, update to a version later than 3.8.8 to resolve the issue. For Moodle versions 3.9 to 3.9.6, update to a version later than 3.9.6 to resolve the issue. For Moodle versions 3.10 to 3.10.3, update to a version later than 3.10.3 to resolve the issue. As a temporary workaround, consider restricting access to the CSV export feature for teachers until a patch is available.