216.73.216.170

CVE-2024-49376

· Published 25/10/2024 13:15 · Modified 14/11/2024 22:49

Labels: CVE-2024-49376 2024-10-25CVE-2024-49376CWE-287CWE-863[email protected]

Essential information

Published
25/10/2024 13:15
Modified
14/11/2024 22:49
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
autolabproject / autolab cpe:2.3:a:autolabproject:autolab:3.0.0:*:*:*:*:*:*:*

References