108 matches found
CVE-2022-0936
Cross-site Scripting XSS - Stored in GitHub repository autolab/autolab prior to 2.8.0...
CVE-2024-53260
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
CVE-2024-53260
CVE-2024-53260 concerns Autolab, a course management service. A vulnerability allows a user to inject a CSV-formula via their first/last name; when an instructor downloads and opens a roster, the injected formula is evaluated, potentially leaking student information to a remote endpoint. Technica...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
Autolab 安全漏洞
Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A security vulnerability exists in Autolab 3.0.2 and prior versions that stems from the ability of users to change their first or last name, which could lead to the disclosu...
PT-2024-35698 · Autolab · Autolab
Name of the Vulnerable Software and Affected Versions: Autolab affected versions not specified Description: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When ...
CVE-2024-53258
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
CVE-2024-53258
CVE-2024-53258 affects Autolab, a course management service for auto-graded programming assignments. From v3.0.0, the existing download_all_submissions feature allows a logged-in user to download all submissions from another student, potentially leaking submissions to unauthorized users (includin...
Autolab 安全漏洞
Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A security vulnerability exists in Autolab version 3.0.0 that stems from the ability of students to download all assignments from other students using the...
PT-2024-35697 · Autolab · Autolab
Name of the Vulnerable Software and Affected Versions: Autolab versions 3.0.0 through 3.0.2 Description: Autolab is a course management service that enables auto-graded programming assignments. The issue allows students to download all assignments from another student, as long as they are logged...
CVE-2024-52584
Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs hav...
CVE-2024-52585
Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...
CVE-2024-52585 Autolab has HTML Injection Vulnerability
Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...
CVE-2024-52585
Autolab CVE-2024-52585 affects Autolab 3.0.1 with an HTML injection vulnerability on the grade submissions page that can impact instructors and CAs. The issue is mitigated by upgrading to 3.0.2 or applying the patch manually: edit line 589 in gradesheet.js.erb to take in feedback as text rather t...
CVE-2024-52585 Autolab has HTML Injection Vulnerability
Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...
CVE-2024-52585 Autolab has HTML Injection Vulnerability
Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...