Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2011-4279

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine as demonstrated by the search functionality of Google Yahoo Wrensoft Zoom MSN Yandex and AltaVista.