Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue.
References
Link | Resource |
---|---|
https://github.com/autolab/Autolab/releases/tag/v2.12.0 | Release Notes |
https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx | Vendor Advisory |
https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/ | Technical Description |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-22T14:51:14.371Z
Updated: 2024-01-22T14:51:14.371Z
Reserved: 2023-09-28T17:56:32.614Z
Link: CVE-2023-44395
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-22T15:15:08.037
Modified: 2024-01-29T17:33:31.320
Link: CVE-2023-44395
JSON object: View
Redhat Information
No data.
CWE