GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.
References
Link | Resource |
---|---|
https://emaragkos.gr/cve-2020-24381/ | Third Party Advisory |
https://github.com/gunet/openeclass/issues/39 | Exploit Issue Tracking Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-08-19T11:50:17
Updated: 2021-09-10T03:03:39
Reserved: 2020-08-17T00:00:00
Link: CVE-2020-24381
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-08-19T12:15:11.340
Modified: 2022-04-30T02:34:53.617
Link: CVE-2020-24381
JSON object: View
Redhat Information
No data.
CWE