Moodle is vulnerable to information disclosure through privilege escalation attacks. Sensitive information from hidden fields is accessible to authenticated users when a user with the Teacher
role navigates to the Enrolled users
page in user settings.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923
openwall.com/lists/oss-security/2012/05/23/2
github.com/moodle/moodle/commit/8dd4ccfbb33c5b893f44267a88cef20360fb7dd9
github.com/moodle/moodle/commit/a645b79113b2ee7881b6bdae64a0c2a9f04db5c7
security-tracker.debian.org/tracker/CVE-2012-2353