
35 matches found

OSV
added 2025/08/26 2:15 p.m. · 4 views

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI)...

CVSS 8.8 · AI score 5.8 · EPSS 0.00292
Exploits 0 · References 2
NVD
added 2025/08/26 2:15 p.m. · 5 views

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI)...

CVSS 8.8 · EPSS 0.00292
Exploits 0 · References 2
Positive Technologies
added 2025/08/26 12:0 a.m. · 4 views

PT-2025-34770 · Mahara +1 · Mahara +1

Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04.8 and 24.04.4 Description: An issue was discovered that may allow attackers to escalate privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI). Recommendations: Update to a newer...

AI score 6.8 · EPSS 0.00292
Exploits 0 · References 5
Cvelist
added 2025/08/26 12:0 a.m. · 8 views

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI)...

EPSS 0.00292
Exploits 0 · References 2
CVE
added 2025/08/26 12:0 a.m. · 14 views

CVE-2024-47853

CVE-2024-47853 affects Mahara versions 23.04.8 and 24.04.4. The issue enables privilege escalation in certain cases during login when using Learning Tools Interoperability (LTI). CVSS 3.1 indicates high impact across confidentiality, integrity, and availability with network attack vector and low ...

CVSS 8.8 · AI score 7.5 · EPSS 0.00292
Exploits 0 · References 2 · Affected Software 1
PyPA
added 2025/02/25 3:15 p.m. · 11 views

PYSEC-2025-120

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10 · AI score 5.8 · EPSS 0.00328
Exploits 0 · References 3 · Affected Software 1
OSV
added 2025/02/25 3:15 p.m. · 3 views

PYSEC-2025-120

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 9.8 · AI score 5.8 · EPSS 0.00328
Exploits 0 · References 3
OSV
added 2025/02/25 2:42 p.m. · 3 views

CVE-2023-25574 JupyterHub's LTI13Authenticator: JWT signature not validated

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10 · AI score 6.5 · EPSS 0.00328
Exploits 0 · References 5
Positive Technologies
added 2023/01/25 12:0 a.m. · 3 views

PT-2023-19073 · Open Edx · Lti Consumer Xblock

Name of the Vulnerable Software and Affected Versions: LTI Consumer XBlock versions 7.0.0 through 7.2.2 Description: The LTI Consumer XBlock implements the consumer side of the LTI specification, enabling integration of third-party LTI provider tools. Any LTI tool integrated with the Open edX...

CVSS 5.4 · AI score 7.4 · EPSS 0.00384
Exploits 0 · References 9
OSV
added 2022/11/25 7:15 p.m. · 3 views

UBUNTU-CVE-2022-45152

A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...

CVSS 9.1 · AI score 6.1 · EPSS 0.01352
Exploits 0 · References 5
Positive Technologies
added 2022/07/15 12:0 a.m. · 3 views

PT-2022-20573 · Unknown · Lti 1.3 Tool Library

Name of the Vulnerable Software and Affected Versions: LTI 1.3 Tool Library versions prior to 5.0 Description: The issue concerns the Nonce Claim Value not being validated against the nonce value sent in the Authentication Request. This affects the LTI 1.3 Tool Library, a library used for buildin...

CVSS 7.5 · AI score 7.4 · EPSS 0.00613
Exploits 0 · References 8
CNNVD
added 2022/07/15 12:0 a.m. · 4 views

LTI 1.3 Tool Library security feature issue vulnerability

The LTI 1.3 Tool Library is a library of LTI 1.3 tool providers for building IMS certifications in PHP. A security feature issue vulnerability exists in versions of the LTI 1.3 Tool Library prior to 5.0, which stems from the LTI 1.3 Tool Library is a library used to build LTI 1.3 tool providers f...

CVSS 7.5 · AI score 7.2 · EPSS 0.00373
Exploits 0 · References 2
BDU FSTEC
added 2021/06/01 12:0 a.m. · 2 views

The vulnerability in the virtual learning environment Moodle arises from insufficient cleaning of data provided by users at the final authentication stage of LTI. This allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability in the virtual learning environment Moodle exists due to insufficient cleaning of data provided by users at the final authentication stage of LTI. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 · AI score 6.5 · EPSS 0.01157
Exploits 0 · References 5 · Affected Software 1
CNNVD
added 2021/05/17 12:0 a.m. · 19 views

Moodle input validation error vulnerability

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an input validation error vulnerability that stems from insufficient innocent handling of user-supplied data in th...

CVSS 6.1 · AI score 7.2 · EPSS 0.01157
Exploits 0 · References 4
Positive Technologies
added 2020/11/08 12:0 a.m. · 5 views

PT-2022-5980 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: A blind Server-Side Request Forgery (SSRF) vulnerability was found due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilize Moodle's...

CVSS 9.8 · AI score 6.6 · EPSS 0.49102
Exploits 11 · References 95