CVE-2024-47820
published 2024-11-18CVE-2024-47820: MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated…
PriorityP415low3.5CVSS 3.1
AVAACLPRHUINSUCLILAN
EPSS
0.73%
49.6th percentile
MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| markusproject | markus | < 2.4.8 | 2.4.8 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-11-18
Published