CVE-2021-24562 (GCVE-0-2021-24562)

Vulnerability from cvelistv5 – Published: 2021-08-23 11:10 – Updated: 2024-08-03 19:35
VLAI?
Title
LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR
Summary
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades
Severity ?
No CVSS data available.
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Unknown LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress Affected: 4.21.2 , < 4.21.2 (custom)
Create a notification for this product.
Credits
Amirmuhammad vakili
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:35:20.173Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.21.2",
              "status": "affected",
              "version": "4.21.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Amirmuhammad vakili"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-23T11:10:14",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24562",
          "STATE": "PUBLIC",
          "TITLE": "LifterLMS \u003c 4.21.2 - Access Other Student Grades/Answers via IDOR"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.21.2",
                            "version_value": "4.21.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Amirmuhammad vakili"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00"
            },
            {
              "name": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/",
              "refsource": "MISC",
              "url": "https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24562",
    "datePublished": "2021-08-23T11:10:14",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:35:20.173Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*\", \"versionEndExcluding\": \"4.21.2\", \"matchCriteriaId\": \"4AC87FC4-B105-4534-8A21-8BC0026F35A0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The LMS by LifterLMS \\u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades\"}, {\"lang\": \"es\", \"value\": \"El plugin LMS by LifterLMS - Online Course, Membership \u0026amp; Learning Management System para WordPress versiones anteriores a 4.21.2, estaba afectado por un problema de tipo IDOR, permitiendo a estudiantes ver las respuestas y calificaciones de otros estudiantes.\"}]",
      "id": "CVE-2021-24562",
      "lastModified": "2024-11-21T05:53:18.540",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-08-23T12:15:10.197",
      "references": "[{\"url\": \"https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "contact@wpscan.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"contact@wpscan.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-639\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-639\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-24562\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2021-08-23T12:15:10.197\",\"lastModified\":\"2024-11-21T05:53:18.540\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The LMS by LifterLMS \u2013 Online Course, Membership \u0026 Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades\"},{\"lang\":\"es\",\"value\":\"El plugin LMS by LifterLMS - Online Course, Membership \u0026amp; Learning Management System para WordPress versiones anteriores a 4.21.2, estaba afectado por un problema de tipo IDOR, permitiendo a estudiantes ver las respuestas y calificaciones de otros estudiantes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:lifterlms:lifterlms:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"4.21.2\",\"matchCriteriaId\":\"4AC87FC4-B105-4534-8A21-8BC0026F35A0\"}]}]}],\"references\":[{\"url\":\"https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://make.lifterlms.com/2021/05/17/lifterlms-version-4-21-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/d45bb744-4a0d-4af0-aa16-71f7e3ea6e00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.