CVE-2022-31158

EPSS 0.3%
Veröffentlicht 15.07.2022 18:15:08
Zuletzt bearbeitet 21.11.2024 07:04:01
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Packback ≫ Lti 1.3 Tool Library Version < 5.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.529

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

https://github.com/packbackbooks/lti-1-3-php-library/security/advisories/GHSA-5p73-qg2v-383h

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31158

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31158

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31158

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-31158