CVE-2023-44395
published 2024-01-22


Priority: P3 40 | Severity: medium | CVSS 3.1 score: 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.60% (44.5th percentile)

Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
autolab | autolab | < 2.12.0 | 2.12.0
autolabproject | autolab | < 2.12.0 | 2.12.0