Security Advisory

CVE-2024-52584

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-18 20:43:21

Last updated 2024-11-21 14:54:45

Assigner GitHub_M

State PUBLISHED

Description

Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available.

← Browse all CVEs View on cve.org ↗