{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44395", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-09-28T17:56:32.614Z", "datePublished": "2024-01-22T14:51:14.371Z", "dateUpdated": "2024-08-23T19:18:41.408Z"}, "containers": {"cna": {"title": "Autolab has Path Traversal vulnerability in Assessment functionality", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx"}, {"name": "https://github.com/autolab/Autolab/releases/tag/v2.12.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/autolab/Autolab/releases/tag/v2.12.0"}, {"name": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/", "tags": ["x_refsource_MISC"], "url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/"}], "affected": [{"vendor": "autolab", "product": "Autolab", "versions": [{"version": "< 2.12.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-22T14:51:14.371Z"}, "descriptions": [{"lang": "en", "value": "Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue."}], "source": {"advisory": "GHSA-h8wq-ghfq-5hfx", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:07:33.190Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx"}, {"name": "https://github.com/autolab/Autolab/releases/tag/v2.12.0", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/autolab/Autolab/releases/tag/v2.12.0"}, {"name": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-23T19:09:39.273104Z", "id": "CVE-2023-44395", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T19:18:41.408Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx", "name": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/autolab/Autolab/releases/tag/v2.12.0", "name": "https://github.com/autolab/Autolab/releases/tag/v2.12.0", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/", "name": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:07:33.190Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44395", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-23T19:09:39.273104Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T19:18:35.472Z"}}], "cna": {"title": "Autolab has Path Traversal vulnerability in Assessment functionality", "source": {"advisory": "GHSA-h8wq-ghfq-5hfx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "autolab", "product": "Autolab", "versions": [{"status": "affected", "version": "< 2.12.0"}]}], "references": [{"url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx", "name": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/autolab/Autolab/releases/tag/v2.12.0", "name": "https://github.com/autolab/Autolab/releases/tag/v2.12.0", "tags": ["x_refsource_MISC"]}, {"url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/", "name": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-22T14:51:14.371Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44395", "state": "PUBLISHED", "dateUpdated": "2024-08-23T19:18:41.408Z", "dateReserved": "2023-09-28T17:56:32.614Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-22T14:51:14.371Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1C7D024-2BC5-4EB3-8FF6-006C25BBAFFD", "versionEndExcluding": "2.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby instructors can perform arbitrary file reads. Version 2.12.0 contains a patch. There are no feasible workarounds for this issue."}, {"lang": "es", "value": "Autolab es un servicio de gesti\u00f3n de cursos que permite a los profesores ofrecer tareas de programaci\u00f3n con calificaci\u00f3n autom\u00e1tica a sus estudiantes a trav\u00e9s de la Web. Se descubrieron vulnerabilidades de path traversal en la funcionalidad de evaluaci\u00f3n de Autolab en versiones de Autolab anteriores a la 2.12.0, mediante las cuales los instructores pueden realizar lecturas de archivos arbitrarias. La versi\u00f3n 2.12.0 contiene un parche. No existen workarounds viables para este problema."}], "id": "CVE-2023-44395", "lastModified": "2024-11-21T08:25:48.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-22T15:15:08.037", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/autolab/Autolab/releases/tag/v2.12.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx"}, {"source": "security-advisories@github.com", "tags": ["Technical Description"], "url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/autolab/Autolab/releases/tag/v2.12.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/autolab/Autolab/security/advisories/GHSA-h8wq-ghfq-5hfx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{}