Moodle is vulnerable to information disclosure. The moodle/course:viewhiddencourses
capability is not taken into account before listing hidden courses to authenticated users. Using this flaw, authenticated attackers can find names and summary information about courses.