Moodle User Identifier Exposure Vulnerability During Anonymous Assignment Submissions

Vulnerability

A data exposure vulnerability has been identified in Moodle, where user identifiers were unintentionally revealed in URLs during anonymous assignment submissions. This exposure allows unauthorized individuals to access internal user IDs, undermining the intended anonymity and potentially leading to unauthorized information disclosure.

Impact

The vulnerability could result in the unauthorized disclosure of internal user IDs, compromising user anonymity and potentially allowing for further information leakage.

Added: Feb 3, 2026, 11:21 AM

Updated: Feb 3, 2026, 5:28 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

0.6

exploitability

5.0

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Moodle User Identifier Exposure Vulnerability During Anonymous Assignment Submissions

Vulnerability

Impact

Affected Products

Moodle

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating