Description
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.
Remediation
References
Related Vulnerabilities
MySQL CVE-2012-3197 Vulnerability (CVE-2012-3197)
Grafana Incorrect Authorization Vulnerability (CVE-2022-21713)
Envoy Proxy Use After Free Vulnerability (CVE-2021-43825)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-0057)
WordPress Plugin Contact Form Email Cross-Site Scripting (1.3.24)