Information Disclosure

Moodle is vulnerable to information disclosure. Authenticated attackers can get sensitive personal contact information and unread message counts through a URL because the moodle/site:readallmessages capability is ignored...