CVE-2024-52584 – Autolab Course Management Unauthorized Grade Modification

11月 18, 2024
10:17 pm

CVE ID : CVE-2024-52584

Published : Nov. 18, 2024, 9:15 p.m. | 1 hour, 2 minutes ago

Description : Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-52584 – Autolab Course Management Unauthorized Grade Modification

Elvescore.io

Recent Posts

CVE-2023-7300 – Huawei Home Music System Path Traversal Vulnerability

CVE-2024-12943 – “CodeAstro House Rental Management System SQL Injection Vulnerability”

CVE-2024-12944 – CodeAstro House Rental Management System SQL Injection

CVE-2024-56433 – “Shadow Utilities Default Subuid Conflict Vulnerability”

CVE-2024-12941 – CodeAstro Blood Donor Management System SQL Injection Vulnerability

CVE-2024-12942 – 1000 Projects Portfolio Management System MCA SQL Injection Vulnerability

CVE-2024-52584 – Autolab Course Management Unauthorized Grade Modification

CVE-2024-52584 – Autolab Course Management Unauthorized Grade Modification