Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Autolab tar slip in Install Assessment functionality (`GHSL-2023-081`)
Vulnerability Description
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Autolab 路径遍历漏洞
Vulnerability Description
Autolab是一项课程管理服务。支持自动评分的编程作业。 Autolab 2.10.0及之前版本存在安全漏洞,该漏洞源于在 Autolab 的安装评估功能中发现了 Tar slip 漏洞,攻击者利用该漏洞可以上传特制的 Tar 文件。
CVSS Information
N/A
Vulnerability Type
N/A