GHSA-8jrv-wx83-w3xj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8jrv-wx83-w3xj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/02/GHSA-8jrv-wx83-w3xj/GHSA-8jrv-wx83-w3xj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8jrv-wx83-w3xj
- Aliases
- Published
- 2026-02-03T12:30:29Z
- Modified
- 2026-02-12T09:25:58.120307Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Moodle Inserts Sensitive Information Into Sent Data
- Details
-
A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.
- Database specific
{ "nvd_published_at": "2026-02-03T11:15:56Z", "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2026-02-03T19:17:11Z", "cwe_ids": [ "CWE-201" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-67857
- https://github.com/moodle/moodle/commit/ac30e7e19357f696979b7ffd760a7131b6ad88f6
- https://github.com/moodle/moodle/commit/c6cb8d971257c04a12a2c5d8510a89cb906f46f0
- https://access.redhat.com/security/cve/CVE-2025-67857
- https://bugzilla.redhat.com/show_bug.cgi?id=2423868
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=471307
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.22
Affected versions
v2.*
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.4.0-rc1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.4.11
v2.5.0-beta
v2.5.0-rc1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6.0-beta
v2.6.0-rc1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.6.10
v2.6.11
v2.7.0-beta
v2.7.0-rc1
v2.7.0-rc2
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.7.10
v2.7.11
v2.7.12
v2.7.13
v2.7.14
v2.7.15
v2.7.16
v2.7.17
v2.7.18
v2.7.19
v2.7.20
v2.8.0-beta
v2.8.0-rc1
v2.8.0-rc2
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.8.10
v2.8.11
v2.8.12
v2.9.0-beta
v2.9.0-rc1
v2.9.0-rc2
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8
v2.9.9
v3.*
v3.0.0-beta
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.0.10
v3.1.0-beta
v3.1.0-rc1
v3.1.0-rc2
v3.1.0
v3.1.1
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.1.10
v3.1.11
v3.1.12
v3.1.13
v3.1.14
v3.1.15
v3.1.16
v3.1.17
v3.1.18
v3.2.0-beta
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.2.0-rc4
v3.2.0-rc5
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.3.0-beta
v3.3.0-rc1
v3.3.0-rc2
v3.3.0-rc3
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0-beta
v3.4.0-rc1
v3.4.0-rc2
v3.4.0-rc3
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5.0-beta
v3.5.0-rc1
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v3.5.10
v3.5.11
v3.5.12
v3.5.13
v3.5.14
v3.5.15
v3.5.16
v3.5.17
v3.5.18
v3.6.0-beta
v3.6.0-rc1
v3.6.0-rc2
v3.6.0-rc3
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.6.7
v3.6.8
v3.6.9
v3.6.10
v3.7.0-beta
v3.7.0-rc1
v3.7.0-rc2
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7
v3.7.8
v3.7.9
v3.8.0-beta
v3.8.0-rc1
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v3.8.4
v3.8.5
v3.8.6
v3.8.7
v3.8.8
v3.8.9
v3.9.0-beta
v3.9.0-rc1
v3.9.0-rc2
v3.9.0-rc3
v3.9.0
v3.9.1
v3.9.2
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9
v3.9.10
v3.9.11
v3.9.12
v3.9.13
v3.9.14
v3.9.15
v3.9.16
v3.9.17
v3.9.18
v3.9.19
v3.9.20
v3.9.21
v3.9.22
v3.9.23
v3.9.24
v3.9.25
v3.10.0-beta
v3.10.0-rc1
v3.10.0-rc2
v3.10.0
v3.10.1
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.10.6
v3.10.7
v3.10.8
v3.10.9
v3.10.10
v3.10.11
v3.11.0-beta
v3.11.0-rc1
v3.11.0-rc2
v3.11.0
v3.11.1
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9
v3.11.10
v3.11.11
v3.11.12
v3.11.13
v3.11.14
v3.11.15
v3.11.16
v3.11.17
v3.11.18
v4.*
v4.0.0-beta
v4.0.0-rc1
v4.0.0-rc2
v4.0.0-rc3
v4.0.0-rc4
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.0.10
v4.0.11
v4.0.12
v4.1.0-beta
v4.1.0-rc1
v4.1.0-rc2
v4.1.0-rc3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1.8
v4.1.9
v4.1.10
v4.1.11
v4.1.12
v4.1.13
v4.1.14
v4.1.15
v4.1.16
v4.1.17
v4.1.18
v4.1.19
v4.1.20
v4.1.21
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle