Primary

Context

Moodle Anonymous Assignment De-Anonymization Vulnerability

Vulnerability

Patched

A vulnerability exists in Moodle versions 4.5 to 4.5.3, allowing for the de-anonymization of anonymous assignment submissions. This issue arises from a lack of proper capability checks, enabling teachers to identify students' identities through the submissions search feature.

Impact

Exploitation of this vulnerability exposes the identities of students who submitted assignments anonymously.

Remediation

Users can upgrade to Moodle version 4.5.4 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Moodle Anonymous Assignment De-Anonymization Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Moodle

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating