We found results for “”
WS-2021-0431
Good to know:
Date: June 5, 2021
In Teammates feedback management tool, versions V7.14.0 through V7.16.0 are vulnerable to improper access control, as viewing and searching the students actions audit log was not limited for course owners only. Anyone with Instructor privileges could access the logs.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |