Lucene search
K

4 matches found

OSV
OSV
added 2024/08/30 6:47 p.m.9 views

GHSA-7J9P-67MM-5G87 LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability

Problem TL;DR: Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. In LTI 1.3, LTI tools can "pass back" scores that learners earn while using LTI tools to the edX platform. The...

3.7CVSS5.3AI score0.00384EPSS
Exploits0References5
Prion
Prion
added 2023/01/26 9:18 p.m.25 views

Authorization

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.5CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/01/25 5:39 a.m.38 views

CVE-2023-23611 xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.4CVSS5.6AI score0.00384EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/25 12:0 a.m.6 views

PT-2023-19073 · Open Edx · Lti Consumer Xblock

Name of the Vulnerable Software and Affected Versions: LTI Consumer XBlock versions 7.0.0 through 7.2.2 Description: The LTI Consumer XBlock implements the consumer side of the LTI specification, enabling integration of third-party LTI provider tools. Any LTI tool integrated with the Open edX...

5.4CVSS7.4AI score0.00384EPSS
Exploits0References9
Rows per page
Query Builder