exploitDog

CVE-2024-47820

Опубликовано: 18 нояб. 2024

Источник: nvd

CVSS3: 5.7

CVSS3: 3.5

EPSS Низкий

Описание

MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.

Ссылки

https://github.com/MarkUsProject/Markus/pull/7026
Patch
https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:markusproject:markus:*:*:*:*:*:*:*:*

Версия до 2.4.8 (исключая)

EPSS

Процентиль: 20%

0.00066

Низкий

5.7 Medium

CVSS3

3.5 Low

CVSS3

Дефекты

CWE-22

EPSS

Процентиль: 20%

0.00066

Низкий

5.7 Medium

CVSS3

3.5 Low

CVSS3

Дефекты

CWE-22

Уязвимость CVE-2024-47820