Description
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist.
Vulnerable configurations
Configuration 1
cpe:2.3:a:autolabproject:autolab:3.0.0:*:*:*:*:*:*:*
EPSS: 0.00274 (Low)
Percentile: 50%
CVSS3: 8.8 High
Weaknesses
CWE-287
CWE-863
Related vulnerabilities
CVSS3: 8.8
github
more than 1 year ago
Autolab Misconfigured Reset Password Permissions