CVE-2024-49376

Published: Oct 25, 2024

Modified: Oct 25, 2024

PUBLISHED

Description

Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist.

Vendor: autolab

Product: Autolab

Versions: affected = 3.0.0

Weaknesses (CWE)
