Polarlearn
Authentication bypass in PolarLearn ≤0-PRERELEASE-15 allows unauthenticated remote attackers to gain authenticated session access as banned users without password verification. The flaw enables complete account takeover and unauthorized data access through a session generation vulnerability in the /api/v1/auth/sign-in endpoint. CVSS 9.2 (Critical) reflects network-based attack with low complexity and no authentication required. No public exploit identified at time of analysis, but exploitation is straightforward given the authentication bypass mechanism.
Privilege escalation in PolarLearn account-management module allows authenticated non-admin users to arbitrarily reset passwords and delete user accounts due to an inverted admin permission check in versions 0-PRERELEASE-14 and earlier. The inverted logic in setCustomPassword() and deleteUser() functions grants administrative capabilities to regular users while blocking legitimate administrators. With a CVSS score of 8.8 and network-based attack vector requiring only low-privilege authentication, this represents a critical account takeover risk. No public exploit identified at time of analysis, though the authentication bypass nature (per tags) makes exploitation straightforward once the flaw is understood.
Unauthenticated message injection in PolarLearn 0-PRERELEASE-16 and earlier allows remote attackers to send persistent messages to arbitrary group chats via the WebSocket API without credentials. Public exploit code exists for this vulnerability, which affects all users of vulnerable versions by enabling spam and potential information manipulation within group communications.
Email enumeration in PolarLearn through timing analysis of the login endpoint allows unauthenticated attackers to identify valid user accounts by observing response time differences between existing and non-existent users. The vulnerability stems from the server only performing expensive password hashing for registered accounts, creating a measurable timing side-channel. Public exploit code exists for this vulnerability affecting PolarLearn version 0-PRERELEASE-15 and earlier.
PolarLearn versions 0-PRERELEASE-15 and earlier lack proper state parameter validation in OAuth 2.0 authentication, enabling attackers to conduct login CSRF attacks against GitHub and Google login flows. An attacker can pre-authenticate a victim's session and trick them into logging into the attacker's account, causing the victim's data and academic progress to be stored on the attacker's account instead. Public exploit code exists for this vulnerability, and a patch is available.
PolarLearn versions prior to 0-PRERELEASE-15 fail to validate the `direction` parameter in the forum vote API endpoint, allowing authenticated attackers to submit arbitrary values that bypass business logic and corrupt vote data. Public exploit code exists for this vulnerability. The issue affects authenticated users who can manipulate voting behavior through improper input validation.