Home > Vulnerability Database > CVE-2024-53258

Mend.io Vulnerability Database

CVE-2024-53258

Date: November 25, 2024

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit "1aa4c769" which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature.

Language: Ruby

Severity Score

5.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-53258

Url: https://github.com/autolab/Autolab/security/advisories/GHSA-84qc-7773-2gg3

Url: https://github.com/autolab/Autolab/commit/1aa4c7690892fb458d2c61ff86739f368e34769d

Url: https://www.mend.io/vulnerability-database/CVE-2024-53258

Severity Score

5.3

Weakness Type (CWE)

Exposure of Private Personal Information to an Unauthorized Actor

CWE-359

Missing Authorization

CWE-862

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-53258

Date: November 25, 2024

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?