34 matches found
Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect
Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 contain a reflected XSS and open redirect caused by insufficient sanitization of the redirect URI in the LTI authorization endpoint, letting attackers execute scripts or redirect users maliciously, exploit requires crafted URL with...
CVE-2026-34052
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...
EUVD-2026-18893
LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage Denial of Service...
LTI JupyterHub Authenticator 安全漏洞
LTI JupyterHub Authenticator is an open-source LTI-based authentication service for JupyterHub. Versions of LTI JupyterHub Authenticator prior to 1.6.3 contained a security vulnerability. This vulnerability stemmed from the unlimited growth of OAuth random numbers, which could lead to...
PT-2026-30253
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...
GHSA-J5JV-W5CW-J9FF Moodle authentication bypass vulnerability
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
Moodle authentication bypass vulnerability
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
CVE-2025-67848
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
CVE-2025-67848
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
CVE-2025-67848
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
UBUNTU-CVE-2025-67848
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
CVE-2025-67848
CVE-2025-67848 affects Moodle. A flaw in the LTI Provider authentication flow allows suspended users to authenticate, because the LTI authentication handlers fail to enforce the user’s suspension status. Implication: unauthorized access that could lead to information disclosure or other restricte...
CVE-2025-67848 Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access.
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
EUVD-2025-206738
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
CVE-2025-67848
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
PT-2026-5958
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw exists in Moodle that allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue stems from LTI authentication handlers not enforcing use...
Moodle 安全漏洞
Moodle is an open-source e-learning software platform developed by Moodle. It is also known as a course management system, learning management system, or virtual learning environment. Moodle has security vulnerabilities. These vulnerabilities stem from the fact that the LTI authentication...
CVE-2025-67848
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability LTI Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access...
EUVD-2024-54912
Malicious code in bioql PyPI...
CVE-2024-47853
An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability LTI...