Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Autolab tar slip in cheat checker functionality (`GHSL-2023-082`)
Vulnerability Description
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Autolab 路径遍历漏洞
Vulnerability Description
Autolab是一项课程管理服务。支持自动评分的编程作业。 Autolab 2.10.0及之前版本存在安全漏洞,该漏洞源于在 Autolab 的 MOSS功能中发现了 Tar slip 漏洞,攻击者利用该漏洞可以上传特制的 Tar 文件。
CVSS Information
N/A
Vulnerability Type
N/A