Key vulnerability information

CVE ID: CVE-2025-67848

Vulnerability description: Moodle: Authentication bypass via LTI Provider allows suspended users to gain unauthorized access.

Status: NEW

Priority and severity
Priority: high
Severity: high

Affected version
Version: unspecified
OS: Linux

Reported and modified times
Reported: 2025-12-19 11:56 UTC
Modified: 2025-12-19 12:01 UTC

Assignee and contact
Assignee: Product Security DevOps Team

Other information
Keywords: Security
Depends On: 2423832, 2423833

Description: An authentication bypass issue in the LTI Provider allowed suspended users to authenticate. The flaw stemmed from missing enforcement of suspension state in LTI authentication handlers, permitting access that should have been blocked.