CVE-2019-10154

A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user’s conversations.
Source: NIST
CVE-2019-10154