Nadav Kavalerchik

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.5 to 3.5.17 Moodle versions 3.8 to 3.8.8 Moodle versions 3.9 to 3.9.6 Moodle versions 3.10 to 3.10.3 **Description** The issue exists due to insufficient input validation in the virtual learning environment. This allows a remote attacker to gain unauthorized access to protected information. Specifically, it was possible for a student to view their quiz grade before it had been released, using a quiz web service. **Recommendations** For Moodle versions 3.5 to 3.5.17, update to a version later than 3.5.17 to resolve the issue. For Moodle versions 3.8 to 3.8.8, update to a version later than 3.8.8 to resolve the issue. For Moodle versions 3.9 to 3.9.6, update to a version later than 3.9.6 to resolve the issue. For Moodle versions 3.10 to 3.10.3, update to a version later than 3.10.3 to resolve the issue. As a temporary workaround, consider restricting access to the quiz web service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.2.x **Description** The issue allows global search to display user names for unauthenticated users. **Recommendations** For Moodle versions 3.2.x, update to a version where this issue is resolved to prevent user names from being displayed to unauthenticated users.