CVE-2023-44395

{"id": "CVE-2023-44395", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-01-22T15:15:08.037", "references": [{"url": "https://github.com/autolab/Autolab/releases/tag/v2.12.0", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/", "tags": ["Technical Description"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue."}, {"lang": "es", "value": "Autolab es un servicio de gesti\u00f3n de cursos que permite a los profesores ofrecer tareas de programaci\u00f3n con calificaci\u00f3n autom\u00e1tica a sus estudiantes a trav\u00e9s de la Web. Se descubrieron vulnerabilidades de path traversal en la funcionalidad de evaluaci\u00f3n de Autolab en versiones de Autolab anteriores a la 2.12.0, mediante las cuales los instructores pueden realizar lecturas de archivos arbitrarias. La versi\u00f3n 2.12.0 contiene un parche. No existen workarounds viables para este problema."}], "lastModified": "2024-01-29T17:33:31.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1C7D024-2BC5-4EB3-8FF6-006C25BBAFFD", "versionEndExcluding": "2.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}