Moodle is vulnerable to information disclosure. The library does not properly enforce the moodle/user:viewhiddendetails
capability in the report/outline/index.php
file. This allows a malicious user to view the username of the user that last accessed the activity report.