Lucene search

[email protected]CVE-2020-24381

HistoryAug 19, 2020 - 12:15 p.m.

CVE-2020-24381

2020-08-1912:15:11

CWE-200

[email protected]

web.nvd.nist.gov

cve-2020-24381

gunet open eclass platform

openeclass

remote attackers

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students’ submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.

Affected configurations

NVD

Node

gunetopen_eclass_platformRange<3.11

CPENameOperatorVersion
gunet:open_eclass_platformgunet open eclass platformlt3.11

CPE	Name	Operator	Version
gunet:open_eclass_platform	gunet open eclass platform	lt	3.11

References

emaragkos.gr/cve-2020-24381/

github.com/gunet/openeclass/issues/39

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for CVE-2020-24381

nvd1 osv1 cvelist1 prion1