Moodle is vulnerable to course name disclosure. Authenticated attackers can leverage a flaw in admin/tool/monitor/lib.php
to find hidden course names by subscribing to rules. These attacks are possible because moodle ignores the moodle/course:viewhiddencourses
capability.