CVE-2021-43129

MEDIUM

Desire2Learn/D2L Brightspace - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-43129. PoCs published by Skotizo.

AI-analyzed exploit summary This repository documents CVE-2021-43129, a vulnerability in D2L Brightspace LMS where the 'Disable Right Click' setting can be bypassed by removing specific GET parameters from the quiz URL. The exploit allows users to regain privileges such as text highlighting, copying, and printing.

Description

A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz.

Exploits (1)

nomisec WRITEUP 2 stars
by Skotizo · poc
https://github.com/Skotizo/CVE-2021-43129

This repository documents CVE-2021-43129, a vulnerability in D2L Brightspace LMS where the 'Disable Right Click' setting can be bypassed by removing specific GET parameters from the quiz URL. The exploit allows users to regain privileges such as text highlighting, copying, and printing.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: D2L Brightspace LMS 20.21.7
Auth required
Prerequisites: Access to a quiz URL with 'Disable Right Click' enabled
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.d2l.com/learning-management-system-lms/
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Skotizo/CVE-2021-43129

Scores

CVSS v3 6.5
EPSS 0.0169
EPSS Percentile 74.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

Status published
Products (1)
d2l/brightspace 20.21.7
Published Apr 19, 2022
Tracked Since Feb 18, 2026