Description
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Locking Vulnerability (CVE-2019-10072)
WordPress Plugin WordPress Gallery-NextGEN Gallery Cross-Site Request Forgery (3.28)
osCommerce Incorrect Comparison Vulnerability (CVE-2020-23360)
Dolibarr Improper Authentication Vulnerability (CVE-2020-7995)
Oracle HTTP Server CVE-2022-21593 Vulnerability (CVE-2022-21593)