CVE-2022-31158

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.
Configurations

Configuration 1 (hide)

cpe:2.3:a:packback:lti_1.3_tool_library:*:*:*:*:*:*:*:*

History

24 Jul 2023, 13:08

Type Values Removed Values Added
CWE CWE-327 CWE-294

Information

Published : 2022-07-15 18:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-31158

Mitre link : CVE-2022-31158

CVE.ORG link : CVE-2022-31158


JSON object : View

Products Affected

packback

  • lti_1.3_tool_library
CWE
CWE-294

Authentication Bypass by Capture-replay