Home > Vulnerability Database > CVE-2024-22209

Mend.io Vulnerability Database

CVE-2024-22209

Date: January 13, 2024

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.

Language: Python

Severity Score

6.4

Related Resources (5)

Url: https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fm

Url: https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0c2b3735e

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22209

Url: https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052ee1ac8/lms/djangoapps/courseware/block_render.py#L752-L775

Url: https://www.mend.io/vulnerability-database/CVE-2024-22209

Severity Score

6.4

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22209

Date: January 13, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?