CVE-2022-31158

Published: Jul 15, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

Affected (1)

Products: Packback: Lti 1.3 Tool Library

1 product

Lti 1.3 Tool Library

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Packback Lti 1.3 Tool Library	Before 5.0.0

Related CWEs

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h

Source: security-advisories@github.com

Third Party Advisory

https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.