Vulnerability Information
Vulnerability Title
download_all_submissions allows student to download another student's submissions in Autolab
Vulnerability Description
Autolab is a course management service that enables auto-graded programming assignments. From Autolab version v.3.0.0 onward, students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can leak submissions to unauthorized users, for example by letting a student download submissions from other students in the class, or even instructor test submissions, provided they know the relevant user IDs. This issue has been patched in commit `1aa4c769`, which is not yet in a release version but is expected to be included in version 3.0.3. Users are advised to either patch manually or wait for version 3.0.3. As a workaround, administrators can disable the feature.
CVSS Information
N/A
Vulnerability Type
Privacy violation
Vulnerability Title
Autolab security vulnerability
Vulnerability Description
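Autolab is an open-source course management service from Autolab that supports auto-graded programming assignments. Autolab version 3.0.0 contains a security vulnerability: students can use the download_all_submissions feature to download all assignments from other students, which leaks submission content to unauthorized users.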
CVSS Information
N/A
Vulnerability Type
N/A