Lucene search

[email protected]CVE-2021-43129

HistoryApr 19, 2022 - 1:15 p.m.

CVE-2021-43129

2022-04-1913:15:08

[email protected]

web.nvd.nist.gov

cve-2021-43129

desire2learn

d2l brightspace

security bypass

quiz

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

41.5%

JSON

A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz.

Affected configurations

NVD

Node

d2lbrightspaceMatch20.21.7

CPENameOperatorVersion
d2l:brightspaced2l brightspaceeq20.21.7

CPE	Name	Operator	Version
d2l:brightspace	d2l brightspace	eq	20.21.7

References

community.brightspace.com/s/article/retirement-notice-disable-right-click

github.com/Skotizo/CVE-2021-43129

www.d2l.com/learning-management-system-lms/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for CVE-2021-43129

prion1 cvelist1 cnvd1 nvd1