4.3
CVE-2025-3628
- EPSS 0.04%
- Published 25.04.2025 14:42:45
- Last modified 29.04.2025 13:52:28
- Source patrick@puiterwijk.org
- Teams watchlist Login
- Open Login
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Collection URLhttps://git.moodle.org
≫
Package
moodle
Default Statusunaffected
Version <
4.5.4
Version
4.5.0
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.131 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| patrick@puiterwijk.org | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.