Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue.
References
Link | Resource |
---|---|
https://github.com/autolab/Autolab/releases/tag/v2.12.0 | Release Notes |
https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx | Vendor Advisory |
https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/ | Technical Description |
Configurations
History
29 Jan 2024, 17:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/autolab/Autolab/releases/tag/v2.12.0 - Release Notes | |
References | () https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/ - Technical Description | |
References | () https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx - Vendor Advisory | |
CPE | cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Autolabproject autolab
Autolabproject |
22 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-22 15:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-44395
Mitre link : CVE-2023-44395
CVE.ORG link : CVE-2023-44395
JSON object : View
Products Affected
autolabproject
- autolab
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')