Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Autolab has vulnerable submission endpoints
Vulnerability Description
Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Autolab 安全漏洞
Vulnerability Description
Autolab是Autolab开源的一项课程管理服务。支持自动评分的编程作业。 Autolab 3.0.1版本存在安全漏洞,该漏洞源于CA可以查看或编辑任何提交ID的成绩。
CVSS Information
N/A
Vulnerability Type
N/A