CVE-2023-44395

Autolab has Path Traversal vulnerability in Assessment functionality

CVSS 4.9 MEDIUMEPSS 0.6%CWE-22

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.9EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 Jan 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Affected products

autolab · Autolab

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/autolab/Autolab/releases/tag/v2.12.0 https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/