Severity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.
AnalysisAI
Predictable token generation in RELATE courseware allows remote attackers to forge authentication and exam access tokens. The vulnerability affects two critical security functions: make_sign_in_key() in auth.py (user authentication) and gen_ticket_code() in exam.py (exam access control). Weak pseudorandom number generation (CWE-338) enables attackers with high complexity to bypass authentication mechanisms and gain unauthorized access to exams with potential for integrity and availability compromise across security boundaries (CVSS scope change). Patched in commit 2f68e16. EPSS data not available; no public exploit identified at time of analysis.
Technical ContextAI
RELATE is a web-based courseware platform (cpe:2.3:a:inducer:relate) used for course management and online examinations. The vulnerability stems from CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator), where token generation functions rely on insufficiently random or predictable entropy sources. Authentication tokens generated by make_sign_in_key() control user session establishment, while exam ticket codes from gen_ticket_code() grant access to timed exam sessions. Predictable PRNG output allows attackers to enumerate or predict valid tokens through statistical analysis or brute-force attempts with reduced computational effort compared to cryptographically secure random generation. The commit 2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb replaced weak PRNG implementations, evidenced by significant code removal in auth.py parameter handling and exam.py token generation logic.
RemediationAI
Update RELATE to commit 2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb or later, which replaces weak PRNG implementations with cryptographically secure random generation. Patch available at https://github.com/inducer/relate/commit/2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb. For environments unable to immediately patch, implement compensating controls: (1) Rotate all existing authentication tokens and exam tickets to invalidate potentially compromised credentials-disrupts active sessions but prevents token reuse. (2) Enable aggressive rate limiting on authentication endpoints (10 attempts per IP per hour) to increase computational cost of token prediction attacks-may impact legitimate users in shared network environments. (3) Implement anomalous authentication pattern detection (multiple failed token validations, rapid token enumeration attempts) with temporary IP blocking-requires log analysis infrastructure. (4) Restrict exam access windows to shortest practical duration and invalidate tickets immediately upon exam completion-reduces window for ticket prediction but may affect students with technical difficulties. None of these workarounds address root cause; upgrade remains essential for production environments hosting sensitive assessments.
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to t
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execut
Timing attack vulnerability in RELATE's authentication module allows remote unauthenticated attackers to infer valid sig
Remote code execution in RELATE LMS (the inducer/relate web courseware platform) stems from its Celery task queue being
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execut
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28379