Moodle is vulnerable to access restrictions being bypassed. Authenticated users can leverage the student role to bypass access restrictions and read the RSS feed for a forum. This is possible because mod/forum/rsslib.php
does not correctly implement the requirement for posting before reading a Q&A; forum.