Metrics
Affected Vendors & Products
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Tue, 19 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Mon, 18 Nov 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available. | |
Title | Autolab has vulnerable submission endpoints | |
Weaknesses | CWE-863 | |
References |
| |
Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-18T20:43:21.893Z
Updated: 2024-11-21T14:54:45.418Z
Reserved: 2024-11-14T15:05:46.766Z
Link: CVE-2024-52584
Updated: 2024-11-19T15:33:08.397Z
Status : Awaiting Analysis
Published: 2024-11-18T21:15:07.047
Modified: 2024-11-21T15:15:34.693
Link: CVE-2024-52584
No data.