CVE-2023-44395

Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*

History

29 Jan 2024, 17:33

Type Values Removed Values Added
References () https://github.com/autolab/Autolab/releases/tag/v2.12.0 - () https://github.com/autolab/Autolab/releases/tag/v2.12.0 - Release Notes
References () https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/ - () https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/ - Technical Description
References () https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx - () https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx - Vendor Advisory
CPE cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
First Time Autolabproject autolab
Autolabproject

22 Jan 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-22 15:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-44395

Mitre link : CVE-2023-44395

CVE.ORG link : CVE-2023-44395


JSON object : View

Products Affected

autolabproject

  • autolab
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')