Autolab
CVE-2024-53258
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (github) · only source for this CVE.
CVSS VectorVendor: github
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit 1aa4c769 which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature.
AnalysisAI
Autolab is a course management service that enables auto-graded programming assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-359. Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit 1aa4c769 which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature. Affected products include: Autolabproject Autolab. Version information: version 3.0.3..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0. Rated medium severity (CVSS 5.4
Autolab is a course management service that enables auto-graded programming assignments. Rated high severity (CVSS 7.2),
Autolab is a course management service that enables auto-graded programming assignments. Rated high severity (CVSS 7.2),
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password
Autolab is a course management service that enables auto-graded programming assignments. Rated medium severity (CVSS 6.8
Autolab is a course management service that enables auto-graded programming assignments. Rated medium severity (CVSS 4.9
Autolab is a course management service that enables auto-graded programming assignments. Rated low severity (CVSS 1.2),
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today