Lucene search

GitHub_MCVE-2023-44395

HistoryJan 22, 2024 - 3:15 p.m.

CVE-2023-44395

2024-01-2215:15:08

CWE-22

GitHub_M

web.nvd.nist.gov

autolab

course management

path traversal

vulnerability

nvd

cve-2023-44395

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab’s assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue.

Affected configurations

Nvd

Vulners

Node

autolabprojectautolabRange<2.12.0

VendorProductVersionCPE
autolabprojectautolab*cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
autolabproject	autolab	*	cpe:2.3:a:autolabproject:autolab::::::::

CNA Affected

[
  {
    "vendor": "autolab",
    "product": "Autolab",
    "versions": [
      {
        "version": "< 2.12.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/autolab/Autolab/releases/tag/v2.12.0

github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx

www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

30.7%

JSON

Related for CVE-2023-44395