Ralf Hilgenstock

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.2.2 Moodle version 2.1.5 Moodle version 2.0.8 **Description** The issue concerns the unnecessary inclusion of users' private files in course backups. This affects the confidentiality of user data. **Recommendations** For versions prior to 2.2.2, update to version 2.2.2 or later to exclude private files from course backups. For version 2.1.5, update to a version that excludes private files from course backups, such as version 2.1.6 or later, if available. For version 2.0.8, update to a version that excludes private files from course backups, such as version 2.0.9 or later, if available.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 3.5.1 Moodle versions prior to 3.4.4 Moodle versions prior to 3.3.7 **Description** A flaw was found in the software, where no option existed to omit logs from data privacy exports. These logs may contain details of other users who interacted with the requester. **Recommendations** For versions prior to 3.5.1, update to version 3.5.1 or later. For versions prior to 3.4.4, update to version 3.4.4 or later. For versions prior to 3.3.7, update to version 3.3.7 or later.