CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
50.4%
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before
2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control
at the course level rather than at the activity level, which allows remote
authenticated users to bypass the mod/lti:view capability requirement by
viewing an activity instance.