cbcvebase.
CVE-2023-32317
published 2023-05-26

CVE-2023-32317: Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker…

PriorityP343high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.89%
54.8th percentile
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade.

Affected

2 ranges
VendorProductVersion rangeFixed in
autolabautolab< 2.11.02.11.0
autolabprojectautolab< 2.11.02.11.0
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.