CVE-2021-43129

MEDIUM

Desire2Learn/D2L Brightspace - Auth Bypass

Title source: llm

Description

A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz.

Exploits (1)

nomisec WRITEUP 2 stars

by Skotizo · poc

https://github.com/Skotizo/CVE-2021-43129

View Code ZIP pw:eip

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://www.d2l.com/learning-management-system-lms/

Exploit, Third Party Advisory x_refsource_misc

https://github.com/Skotizo/CVE-2021-43129

Vendor Advisory x_refsource_misc

https://community.brightspace.com/s/article/retirement-notice-disable-right-click

Scores

CVSS v3 6.5

EPSS 0.0485

EPSS Percentile 89.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

Status published

Products (1)

d2l/brightspace 20.21.7

Published Apr 19, 2022

Tracked Since Feb 18, 2026