Moodle · Moodle · CVE-2016-2158
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.6.11 and earlier, 2.7.x through 2.7.12, 2.8.x through 2.8.10, 2.9.x through 2.9.4, 3.0.x through 3.0.2
**Description**
The issue allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request when the forcelogin feature is enabled.
**Recommendations**
- For versions 2.6.11 and earlier, update to version 2.6.12 or later.
- For versions 2.7.x through 2.7.12, update to version 2.7.13 or later.
- For versions 2.8.x through 2.8.10, update to version 2.8.11 or later.
- For versions 2.9.x through 2.9.4, update to version 2.9.5 or later.
- For versions 3.0.x through 3.0.2, update to version 3.0.3 or later.