CVE-2024-51499

MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.

CVSS

No CVSS.

References

Link	Resource
https://github.com/MarkUsProject/Markus/pull/7026
https://github.com/MarkUsProject/Markus/security/advisories/GHSA-j95p-7936-f75w

Configurations

No configuration.

History

19 Nov 2024, 21:57

Type	Values Removed	Values Added
Summary		(es) MarkUs es una aplicación web para el envío y calificación de tareas de estudiantes. En versiones anteriores a la 2.4.8, una vulnerabilidad de escritura de archivos arbitrarios accesible a través del método update_files de SubmissionsController permite a los usuarios autenticados (por ejemplo, estudiantes) escribir archivos arbitrarios en cualquier ubicación del servidor web en el que se ejecuta MarkUs (según los permisos del sistema de archivos subyacente). Esto puede provocar una ejecución de código remoto retrasada en caso de que un atacante pueda escribir un archivo Ruby en la subcarpeta config/initializers/ de la aplicación Ruby on Rails. MarkUs v2.4.8 ha solucionado este problema. No hay workarounds disponibles a nivel de aplicación aparte de la actualización.

18 Nov 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-18 20:15

Updated : 2024-11-19 21:57

NVD link : CVE-2024-51499

Mitre link : CVE-2024-51499

CVE.ORG link : CVE-2024-51499

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-51499", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.1, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-18T20:15:05.760", "references": [{"url": "https://github.com/MarkUsProject/Markus/pull/7026", "source": "security-advisories@github.com"}, {"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-j95p-7936-f75w", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading."}, {"lang": "es", "value": "MarkUs es una aplicaci\u00f3n web para el env\u00edo y calificaci\u00f3n de tareas de estudiantes. En versiones anteriores a la 2.4.8, una vulnerabilidad de escritura de archivos arbitrarios accesible a trav\u00e9s del m\u00e9todo update_files de SubmissionsController permite a los usuarios autenticados (por ejemplo, estudiantes) escribir archivos arbitrarios en cualquier ubicaci\u00f3n del servidor web en el que se ejecuta MarkUs (seg\u00fan los permisos del sistema de archivos subyacente). Esto puede provocar una ejecuci\u00f3n de c\u00f3digo remoto retrasada en caso de que un atacante pueda escribir un archivo Ruby en la subcarpeta config/initializers/ de la aplicaci\u00f3n Ruby on Rails. MarkUs v2.4.8 ha solucionado este problema. No hay workarounds disponibles a nivel de aplicaci\u00f3n aparte de la actualizaci\u00f3n."}], "lastModified": "2024-11-19T21:57:32.967", "sourceIdentifier": "security-advisories@github.com"}