Home > Vulnerability Database > CVE-2024-47820

Mend.io Vulnerability Database

CVE-2024-47820

Date: November 18, 2024

MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.

Language: Ruby

Severity Score

5.7

Related Resources (4)

Url: https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8

Url: https://github.com/MarkUsProject/Markus/pull/7026

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47820

Url: https://www.mend.io/vulnerability-database/CVE-2024-47820

Severity Score

5.7

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47820

Date: November 18, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?