Moodle Permissions Privileges and Access Controls Vulnerability - CVE-2012-6100
report/outline/index.php in Moodle 2.2.x before 2.2.7 2.3.x before 2.3.4 and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.