Tony Levi

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.2.11 and earlier, 2.3.x before 2.3.10, 2.4.x before 2.4.7, 2.5.x before 2.5.3 **Description** The issue allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server, due to the lack of "Cache-Control: private" HTTP headers. **Recommendations** For versions 2.2.11 and earlier, update to version 2.2.12 or later. For versions 2.3.x before 2.3.10, update to version 2.3.10 or later. For versions 2.4.x before 2.4.7, update to version 2.4.7 or later. For versions 2.5.x before 2.5.3, update to version 2.5.3 or later.