2024-10-25 12:50:33
GitHub_M
PUBLISHED
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist.