Vulnerability Details : CVE-2021-43129
A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz.
Exploit prediction scoring system (EPSS) score for CVE-2021-43129
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 41 %
CVSS scores for CVE-2021-43129
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 | NIST |
CWE ids for CVE-2021-43129
- The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-43129
- https://www.d2l.com/learning-management-system-lms/
  Learning Management System | LMS Software Training Platform | What is an LMS? (Vendor Advisory)
- https://github.com/Skotizo/CVE-2021-43129
  GitHub - Skotizo/CVE-2021-43129: Vulnerability in version 20.21.7 of D2L Learning Management System (LMS) (Exploit; Third Party Advisory)
- https://community.brightspace.com/s/article/retirement-notice-disable-right-click
  Article Detail (Vendor Advisory)
Products affected by CVE-2021-43129
- cpe:2.3:a:d2l:brightspace:20.21.7:*:*:*:*:*:*:*