Mark Nielsen

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.1.11 Moodle versions 2.2.x prior to 2.2.8 Moodle versions 2.3.x prior to 2.3.5 Moodle versions 2.4.x prior to 2.4.2 **Description** The issue allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message. This occurs in the lib/setuplib.php file. **Recommendations** For versions 2.2.x, update to version 2.2.8 or later. For versions 2.3.x, update to version 2.3.5 or later. For versions 2.4.x, update to version 2.4.2 or later. For versions prior to 2.1.11, update to version 2.1.11 or later.