Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv3

CVE-2023-32676

Published: 26/05/2023 Updated: 11/12/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade.

Vulnerable Product Search on Vulmon Subscribe to Product

autolabproject autolab

References

CWE-22https://github.com/autolab/Autolab/commit/14f508484a8323eceb0cf3a128573b43eabbc80dhttps://github.com/autolab/Autolab/security/advisories/GHSA-x9hj-r9q4-832chttps://securitylab.github.com/advisories/GHSL-2023-081_GHSL-2023-082_Autolab/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoofCVE-2024-34928CVE-2024-5291deserializationCVE-2024-4471CVE-2024-4956CVE-2024-32002CVE-2024-5227unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook