Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by MarkUsProject
CVE-2026-25962 (GCVE-0-2026-25962)
Vulnerability from cvelistv5 – Published: 2026-03-06 02:48 – Updated: 2026-03-06 16:10
VLAI
Title
MarkUs: Zip bomb in config upload enables DoS
Summary
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip file for an assignment submission and indicate its contents should be extracted. This issue has been patched in version 2.9.4.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/MarkUsProject/Markus/security/… | x_refsource_CONFIRM |
| https://github.com/MarkUsProject/Markus/releases/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MarkUsProject | Markus |
Affected:
< 2.9.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T15:50:47.797017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:10:34.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Markus",
"vendor": "MarkUsProject",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip file for an assignment submission and indicate its contents should be extracted. This issue has been patched in version 2.9.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T02:48:43.698Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-x8xv-j7fc-65x5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-x8xv-j7fc-65x5"
},
{
"name": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.4"
}
],
"source": {
"advisory": "GHSA-x8xv-j7fc-65x5",
"discovery": "UNKNOWN"
},
"title": "MarkUs: Zip bomb in config upload enables DoS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25962",
"datePublished": "2026-03-06T02:48:43.698Z",
"dateReserved": "2026-02-09T17:13:54.066Z",
"dateUpdated": "2026-03-06T16:10:34.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27807 (GCVE-0-2026-27807)
Vulnerability from cvelistv5 – Published: 2026-03-06 02:48 – Updated: 2026-03-06 16:10
VLAI
Title
MarkUs: YAML alias (‘billion laughs’) DoS in config upload
Summary
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patched in version 2.9.4.
Severity
4.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/MarkUsProject/Markus/security/… | x_refsource_CONFIRM |
| https://github.com/MarkUsProject/Markus/releases/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MarkUsProject | Markus |
Affected:
< 2.9.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T15:50:49.801664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:10:43.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Markus",
"vendor": "MarkUsProject",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patched in version 2.9.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "CWE-776: Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T02:48:28.384Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-m9rx-85mx-q9h6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-m9rx-85mx-q9h6"
},
{
"name": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.4"
}
],
"source": {
"advisory": "GHSA-m9rx-85mx-q9h6",
"discovery": "UNKNOWN"
},
"title": "MarkUs: YAML alias (\u2018billion laughs\u2019) DoS in config upload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27807",
"datePublished": "2026-03-06T02:48:28.384Z",
"dateReserved": "2026-02-24T02:31:33.267Z",
"dateUpdated": "2026-03-06T16:10:43.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28405 (GCVE-0-2026-28405)
Vulnerability from cvelistv5 – Published: 2026-03-05 20:06 – Updated: 2026-03-06 17:04
VLAI
Title
MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions
Summary
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/MarkUsProject/Markus/security/… | x_refsource_CONFIRM |
| https://github.com/MarkUsProject/Markus/commit/55… | x_refsource_MISC |
| https://github.com/MarkUsProject/Markus/releases/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MarkUsProject | Markus |
Affected:
< 2.9.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T17:03:57.120331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T17:04:05.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Markus",
"vendor": "MarkUsProject",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses/\u003c:course_id\u003e/assignments/\u003c:assignment_id\u003e/submissions/html_content route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T20:06:13.433Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-p5pc-pxrj-3893",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-p5pc-pxrj-3893"
},
{
"name": "https://github.com/MarkUsProject/Markus/commit/55d74f2ddb72d2ec2f29aa2b4cb6b2da10755036",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/commit/55d74f2ddb72d2ec2f29aa2b4cb6b2da10755036"
},
{
"name": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.1"
}
],
"source": {
"advisory": "GHSA-p5pc-pxrj-3893",
"discovery": "UNKNOWN"
},
"title": "MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28405",
"datePublished": "2026-03-05T20:06:13.433Z",
"dateReserved": "2026-02-27T15:33:57.289Z",
"dateUpdated": "2026-03-06T17:04:05.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25057 (GCVE-0-2026-25057)
Vulnerability from cvelistv5 – Published: 2026-02-09 19:16 – Updated: 2026-02-10 16:00
VLAI
Title
Zip Slip in MarkUs config upload allowing RCE
Summary
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/<:course_id>/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/MarkUsProject/Markus/security/… | x_refsource_CONFIRM |
| https://github.com/MarkUsProject/Markus/commit/0c… | x_refsource_MISC |
| https://github.com/MarkUsProject/Markus/releases/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MarkUsProject | Markus |
Affected:
< 2.9.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25057",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:32:11.727315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:00:52.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Markus",
"vendor": "MarkUsProject",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (courses/\u003c:course_id\u003e/assignments/upload_config_files). The uploaded zip file entry names are used to create paths to write files to disk without checking these paths. This vulnerability is fixed in 2.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T19:16:55.980Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-mccg-p332-252h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-mccg-p332-252h"
},
{
"name": "https://github.com/MarkUsProject/Markus/commit/0ca002a1f0071c7a00dbb2ed34fede57323c5dc7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/commit/0ca002a1f0071c7a00dbb2ed34fede57323c5dc7"
},
{
"name": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.1"
}
],
"source": {
"advisory": "GHSA-mccg-p332-252h",
"discovery": "UNKNOWN"
},
"title": "Zip Slip in MarkUs config upload allowing RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25057",
"datePublished": "2026-02-09T19:16:55.980Z",
"dateReserved": "2026-01-28T14:50:47.889Z",
"dateUpdated": "2026-02-10T16:00:52.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24900 (GCVE-0-2026-24900)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:39 – Updated: 2026-02-10 16:01
VLAI
Title
MarkUs has a submission-view IDOR exposes all student submissions
Summary
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content accepted a select_file_id parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correctly scoped to the requesting user, allowing users access arbitrary submission file contents by id. This vulnerability is fixed in 2.9.1.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/MarkUsProject/Markus/security/… | x_refsource_CONFIRM |
| https://github.com/MarkUsProject/Markus/commit/7d… | x_refsource_MISC |
| https://github.com/MarkUsProject/Markus/releases/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MarkUsProject | Markus |
Affected:
< 2.9.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:30:26.838188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:21.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Markus",
"vendor": "MarkUsProject",
"versions": [
{
"status": "affected",
"version": "\u003c 2.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses/\u003c:course_id\u003e/assignments/\u003c:assignment_id\u003e/submissions/html_content accepted a select_file_id parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correctly scoped to the requesting user, allowing users access arbitrary submission file contents by id. This vulnerability is fixed in 2.9.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:39:52.161Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-56gh-8hmq-7q88",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-56gh-8hmq-7q88"
},
{
"name": "https://github.com/MarkUsProject/Markus/commit/7daed9fd2d44932223798d997b55094a3bff104b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/commit/7daed9fd2d44932223798d997b55094a3bff104b"
},
{
"name": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/releases/tag/v2.9.1"
}
],
"source": {
"advisory": "GHSA-56gh-8hmq-7q88",
"discovery": "UNKNOWN"
},
"title": "MarkUs has a submission-view IDOR exposes all student submissions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24900",
"datePublished": "2026-02-09T18:39:52.161Z",
"dateReserved": "2026-01-27T19:35:20.529Z",
"dateUpdated": "2026-02-10T16:01:21.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-51743 (GCVE-0-2024-51743)
Vulnerability from cvelistv5 – Published: 2024-11-18 20:04 – Updated: 2024-11-19 14:50
VLAI
Title
Arbitrary File Write leading up to remote code execution (instructor accounts)
Summary
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/MarkUsProject/Markus/security/… | x_refsource_CONFIRM |
| https://github.com/MarkUsProject/Markus/pull/7026 | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| MarkUsProject | Markus |
Affected:
< 2.4.8
|
|
| markusproject | markus |
Affected:
0 , < 2.4.8
(custom)
cpe:2.3:a:markusproject:markus:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:markusproject:markus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "markus",
"vendor": "markusproject",
"versions": [
{
"lessThan": "2.4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T14:47:33.056818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T14:50:37.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Markus",
"vendor": "MarkUsProject",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T20:04:10.444Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-hwgg-qvjx-572x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-hwgg-qvjx-572x"
},
{
"name": "https://github.com/MarkUsProject/Markus/pull/7026",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/pull/7026"
}
],
"source": {
"advisory": "GHSA-hwgg-qvjx-572x",
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Write leading up to remote code execution (instructor accounts)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51743",
"datePublished": "2024-11-18T20:04:10.444Z",
"dateReserved": "2024-10-31T14:12:45.789Z",
"dateUpdated": "2024-11-19T14:50:37.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51499 (GCVE-0-2024-51499)
Vulnerability from cvelistv5 – Published: 2024-11-18 19:52 – Updated: 2024-11-18 20:14
VLAI
Title
MarkUs Arbitrary File Write leading up to remote code execution (student accounts)
Summary
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/MarkUsProject/Markus/security/… | x_refsource_CONFIRM |
| https://github.com/MarkUsProject/Markus/pull/7026 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MarkUsProject | Markus |
Affected:
< 2.4.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-51499",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T20:14:23.631715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T20:14:42.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Markus",
"vendor": "MarkUsProject",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T20:03:35.342Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-j95p-7936-f75w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-j95p-7936-f75w"
},
{
"name": "https://github.com/MarkUsProject/Markus/pull/7026",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/pull/7026"
}
],
"source": {
"advisory": "GHSA-j95p-7936-f75w",
"discovery": "UNKNOWN"
},
"title": "MarkUs Arbitrary File Write leading up to remote code execution (student accounts)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-51499",
"datePublished": "2024-11-18T19:52:30.504Z",
"dateReserved": "2024-10-28T14:20:59.338Z",
"dateUpdated": "2024-11-18T20:14:42.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47820 (GCVE-0-2024-47820)
Vulnerability from cvelistv5 – Published: 2024-11-18 16:57 – Updated: 2024-11-18 19:05
VLAI
Title
MarkUs vulnerable to Path Traversal
Summary
MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/MarkUsProject/Markus/security/… | x_refsource_CONFIRM |
| https://github.com/MarkUsProject/Markus/pull/7026 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MarkUsProject | Markus |
Affected:
< 2.4.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T19:04:55.718905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T19:05:12.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Markus",
"vendor": "MarkUsProject",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T16:57:11.771Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8"
},
{
"name": "https://github.com/MarkUsProject/Markus/pull/7026",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/MarkUsProject/Markus/pull/7026"
}
],
"source": {
"advisory": "GHSA-wq6v-vx8c-8fj8",
"discovery": "UNKNOWN"
},
"title": "MarkUs vulnerable to Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47820",
"datePublished": "2024-11-18T16:57:11.771Z",
"dateReserved": "2024-10-03T14:06:12.638Z",
"dateUpdated": "2024-11-18T19:05:12.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}