Moodle Partial Data Exposure Vulnerability Before Two-Factor Authentication Completion

Vulnerability

A vulnerability in Moodle allows users to access sensitive information about other students before fully verifying their identities with two-factor authentication (2FA). This issue affects Moodle versions 4.5 prior to 4.5.4, 4.4 prior to 4.4.8, and 4.3 prior to 4.3.12.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive student information, bypassing the second factor of two-factor authentication.

Remediation

Users can upgrade to Moodle versions 4.5.4, 4.4.8, or 4.3.12 to address this vulnerability.
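The check below is an added example, not code from Moodle or from this advisory's publisher. It classifies Moodle release strings against the fixed versions listed above and compares version components numerically, so that 4.3.9 is correctly treated as older than 4.3.12. The input format (release strings such as "4.5.3+ (Build: 20250404)"), the host names, and the handling of "+" weekly builds are assumptions.

```python
import re

# Fixed patch release per affected branch, taken from the advisory text above.
FIXED = {(4, 5): 4, (4, 4): 8, (4, 3): 12}

# Assumed input shape: Moodle release strings, e.g. "4.5.3+ (Build: 20250404)".
_RELEASE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(\+)?")


def classify(release):
    """Return 'affected', 'fixed', 'review' or 'not-listed' for a release string."""
    m = _RELEASE.match(release)
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    weekly = m.group(4) is not None
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch is not named in the advisory; no claim is made either way.
        return "not-listed"
    if patch >= fixed_patch:  # integer comparison: 9 < 12, unlike "9" < "12"
        return "fixed"
    if weekly and patch == fixed_patch - 1:
        # Assumption: a "+" weekly build just below the fixed release may or
        # may not contain the fix, so it is flagged for manual checking.
        return "review"
    return "affected"


def triage(inventory):
    """Group hosts by classification so 'affected' and 'review' are handled first."""
    groups = {}
    for host, release in inventory.items():
        groups.setdefault(classify(release), []).append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory; host names and builds are illustrative only.
    sample = {
        "lms-a.example.edu": "4.3.9 (Build: 20250101)",
        "lms-b.example.edu": "4.5.3+ (Build: 20250404)",
        "lms-c.example.edu": "4.4.8 (Build: 20250414)",
        "lms-d.example.edu": "4.2.11",
    }
    for status, hosts in sorted(triage(sample).items()):
        print(status, hosts)
```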

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.