Missing Authorization

2023-02-0204:55:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

lti_consumer_xblock

missing authorization

signals.py

lti tool

platform

software

EPSS

0.001

Percentile

23.5%

JSON

lti_consumer_xblock is vulnerable to Missing Authorization. The vulnerability exists in signals.py because of the lack of security validation in the LTI Tool which allows attackers to submit scores for any LTI XBlock on the platform using the malicious LTI tool.