PT-2022-11791 · Desire2Learn · Desire2Learn/D2L Brightspace+1
Published: 2022-04-19 · Updated: 2023-08-08 · CVE-2021-43129
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Desire2Learn/D2L Learning Management System (LMS) version 20.21.7
Description
A bypass exists in the quizzing feature of Desire2Learn/D2L Brightspace that allows a quiz-taker to access print and copy functionality through the browser's right-click menu even when the "Disable Right Click" option is enabled. The cause is an access control issue that enables a remote malicious user to disable the "Disable Right Click" control.
Recommendations
For version 20.21.7, to prevent exploitation of the access control vulnerability, consider temporarily disabling the quizzing feature until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Desire2Learn/D2L Brightspace
Desire2Learn/D2L Learning Management System