Cyber Resilience

CVE-2022-28986

High · Public PoC

Published: 10 May 2022

Modified: 21 November 2024
KEV Added: not listed
Patch: none referenced
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0630 (91.1st percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-28986 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in the Lmsdoctor 2 Factor Authentication plugin. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 8.9% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The LMS Doctor Simple 2 Factor Authentication Plugin for Moodle, version 2021072900, contains an insecure direct object reference (IDOR) vulnerability tracked as CVE-2022-28986. The flaw is rated 7.5 under CVSS 3.1 and is classified as CWE-639 (Authorization Bypass Through User-Controlled Key): the affected component accepts a user-supplied record identifier without verifying that the caller is authorized to modify that record, allowing unauthorized manipulation of user records.

Remote attackers can exploit the vulnerability without authentication or user interaction to update sensitive fields such as email addresses, passwords, and phone numbers on arbitrary accounts.

The supplied references include a public proof-of-concept repository but contain no advisory statements or patch guidance. The EPSS score shows a flat trajectory with both current and peak values at 0.0630.

Vulnerability details

The LMS Doctor Simple 2 Factor Authentication Plugin for Moodle (affected version: 2021072900) has an insecure direct object reference (IDOR) vulnerability, which allows remote attackers to update sensitive records such as the email address, password and phone number of other user accounts.

CWE(s)

CWE-639: Authorization Bypass Through User-Controlled Key

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: lmsdoctor
Product: 2 factor authentication
Version: 2021072900

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-639: Per-request authorization decisions, with the user-supplied key validated against the caller's identity as part of each decision, make bypass through user-controlled keys harder.

Addresses CWE-639: Consistent enforcement of approved authorizations on every record access makes bypass via user-controlled keys ineffective.

References