CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library

2022-07-1517:15:21

CWE-327

GitHub_M

www.cve.org

cve-2022-31157

cryptographic algorithm

lti 1.3

php

upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.8%

JSON

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

CNA Affected

[
  {
    "product": "lti-1-3-php-library",
    "vendor": "packbackbooks",
    "versions": [
      {
        "status": "affected",
        "version": "< 5.0"
      }
    ]
  }
]