Autolabproject Autolab vulnerabilities
11 known vulnerabilities affecting autolabproject/autolab.
Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM7
Vulnerabilities
Page 1 of 1
CVE-2022-41955P2HIGHCVSS 8.8≥ 2.0.2, < 2.10.02023-01-14
CVE-2022-41955 [HIGH] CWE-78 CVE-2022-41955: Autolab is a course management service, initially developed by a team of students at Carnegie Mellon
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might
nvd
CVE-2024-49376P3HIGHCVSS 8.8v3.0.02024-10-25
CVE-2024-49376 [HIGH] CWE-287 CVE-2024-49376: Autolab, a course management service that enables auto-graded programming assignments, has misconfig
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known w
nvd
CVE-2023-32676P3HIGHCVSS 7.2fixed in 2.11.02023-05-26
CVE-2023-32676 [HIGH] CWE-22 CVE-2023-32676: Autolab is a course management service that enables auto-graded programming assignments. A Tar slip
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an att
nvd
CVE-2023-32317P3HIGHCVSS 7.2fixed in 2.11.02023-05-26
CVE-2023-32317 [HIGH] CWE-22 CVE-2023-32317: Autolab is a course management service that enables auto-graded programming assignments. A Tar slip
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive
nvd
CVE-2023-44395P3MEDIUMCVSS 6.5fixed in 2.12.02024-01-22
CVE-2023-44395 [MEDIUM] CWE-22 CVE-2023-44395: Autolab is a course management service that enables instructors to offer autograded programming assi
Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch.
nvd
CVE-2022-41956P3MEDIUMCVSS 6.5fixed in 2.10.02023-01-14
CVE-2022-41956 [MEDIUM] CWE-22 CVE-2022-41956: Autolab is a course management service, initially developed by a team of students at Carnegie Mellon
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature, whereby users are able to hand-in assignments using pat
nvd
CVE-2024-53260P4MEDIUMCVSS 6.8≤ 3.0.22024-11-27
CVE-2024-53260 [MEDIUM] CWE-1236 CVE-2024-53260: Autolab is a course management service that enables auto-graded programming assignments. A user can
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This could lead to leakage of information of students in t
nvd
CVE-2024-53258P4MEDIUMCVSS 5.3≥ 3.0.0, ≤ 3.0.22024-11-25
CVE-2024-53258 [MEDIUM] CWE-359 CVE-2024-53258: Autolab is a course management service that enables auto-graded programming assignments. From Autola
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submi
nvd
CVE-2024-52584P4MEDIUMCVSS 5.4v3.0.12024-11-18
CVE-2024-52584 [MEDIUM] CWE-863 CVE-2024-52584: Autolab is a course management service that enables auto-graded programming assignments. There is a
Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the e
nvd
CVE-2024-52585P4MEDIUMCVSS 5.4v3.0.12024-11-18
CVE-2024-52585 [MEDIUM] CWE-79 CVE-2024-52585: Autolab is a course management service that enables auto-graded programming assignments. There is an
Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing line 589 on `gradesheet.js.erb` to take in feedback as
nvd
CVE-2022-0936P4MEDIUMCVSS 5.4fixed in 2.8.02022-04-11
CVE-2022-0936 [MEDIUM] CWE-79 CVE-2022-0936: Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.
Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.
nvd