Moodle Insufficient Capability Check Vulnerability in Grade Reports Allowing Unauthorized Access to Hidden Grades

Vulnerability

A vulnerability exists in Moodle due to inadequate capability checks in certain grade reports. This flaw enables users without the necessary permissions to view hidden grades. The issue affects Moodle versions 4.5 prior to 4.5.3, 4.4 prior to 4.4.7, 4.3 prior to 4.3.11, 4.1 prior to 4.1.17, and earlier unsupported versions.

Impact

Exploitation of this vulnerability allows unauthorized users to access hidden grades, potentially leading to unfair academic advantages or breaches of privacy.

Remediation

Users can upgrade to Moodle versions 4.5.3, 4.4.7, 4.3.11, or 4.1.17 to address this vulnerability.
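To triage an inventory against the ranges above, the following added example (not part of the original advisory or of Moodle) classifies release strings in the form found in a site's version.php. The host names and release strings are constructed, and reporting branches the advisory does not name (such as 4.2) as "unlisted" is an assumption of this sketch.

```python
import re

# Fixed point release per branch, exactly as listed in the advisory above.
FIXED = {(4, 5): 3, (4, 4): 7, (4, 3): 11, (4, 1): 17}
OLDEST_LISTED = min(FIXED)  # (4, 1); anything older is an unsupported branch


def parse_release(release):
    """Extract (major, minor, patch) from e.g. '4.5.2+ (Build: 20250101)'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(release):
    """Return (status, action) for one Moodle release string."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch in FIXED:
        fixed = f"{major}.{minor}.{FIXED[branch]}"
        # Assumption: a '+' weekly build is judged by its base point release.
        if patch < FIXED[branch]:
            return "affected", f"upgrade to {fixed}"
        return "fixed", f"at or past {fixed}"
    if branch < OLDEST_LISTED:
        return "affected", "unsupported branch, move to a fixed supported release"
    return "unlisted", "branch not named in the advisory, check the vendor notice"


# Constructed inventory: (host, release string as read from version.php).
SAMPLE = [
    ("lms-prod.example", "4.5.2 (Build: 20250101)"),
    ("lms-test.example", "4.4.7+ (Build: 20250101)"),
    ("lms-old.example", "3.11.18 (Build: 20250101)"),
    ("lms-lab.example", "4.2.9 (Build: 20250101)"),
]

if __name__ == "__main__":
    for host, release in SAMPLE:
        status, action = triage(release)
        print(f"{host:18} {release.split()[0]:8} {status:9} {action}")
```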

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 6.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.