cve-2022-41956
Vulnerability from cvelistv5
Published
2023-01-14 00:40
Modified
2024-08-03 12:56
Summary
Autolab is vulnerable to file disclosure via remote handin feature
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.655Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/autolab/Autolab/security/advisories/GHSA-g7x7-mgrv-f24x",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/autolab/Autolab/security/advisories/GHSA-g7x7-mgrv-f24x"
          },
          {
            "name": "https://securitylab.github.com/advisories/GHSL-2022-100_Autolab/",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://securitylab.github.com/advisories/GHSL-2022-100_Autolab/"
          },
          {
            "name": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autolab",
          "vendor": "autolab",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab\u0027s remote handin feature, whereby users are able to hand-in assignments using paths outside their submission directory. Users can then view the submission to view the file\u0027s contents. The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the field for the remote handin feature is empty (Edit Assessment \u003e Advanced \u003e Remote handin path), and that you are not running Autolab as `root` (or any user that has write access to `/`). Alternatively, disable the remote handin feature if it is unneeded by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: \"Feature disabled\", status: :bad_request) \u0026\u0026 return`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-11T18:24:15.495Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/autolab/Autolab/security/advisories/GHSA-g7x7-mgrv-f24x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/autolab/Autolab/security/advisories/GHSA-g7x7-mgrv-f24x"
        },
        {
          "name": "https://securitylab.github.com/advisories/GHSL-2022-100_Autolab/",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://securitylab.github.com/advisories/GHSL-2022-100_Autolab/"
        },
        {
          "name": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/"
        }
      ],
      "source": {
        "advisory": "GHSA-g7x7-mgrv-f24x",
        "discovery": "UNKNOWN"
      },
      "title": "Autolab is vulnerable to file disclosure via remote handin feature"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41956",
    "datePublished": "2023-01-14T00:40:32.121Z",
    "dateReserved": "2022-09-30T16:38:28.945Z",
    "dateUpdated": "2024-08-03T12:56:38.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41956\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-01-14T01:15:13.230\",\"lastModified\":\"2024-11-21T07:24:09.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab\u0027s remote handin feature, whereby users are able to hand-in assignments using paths outside their submission directory. Users can then view the submission to view the file\u0027s contents. The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the field for the remote handin feature is empty (Edit Assessment \u003e Advanced \u003e Remote handin path), and that you are not running Autolab as `root` (or any user that has write access to `/`). Alternatively, disable the remote handin feature if it is unneeded by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: \\\"Feature disabled\\\", status: :bad_request) \u0026\u0026 return`.\"},{\"lang\":\"es\",\"value\":\"Autolab es un servicio de gesti\u00f3n de cursos, desarrollado inicialmente por un equipo de estudiantes de la Universidad Carnegie Mellon, que permite a los instructores ofrecer tareas de programaci\u00f3n autocalificadas a sus estudiantes a trav\u00e9s de la Web. Se descubri\u00f3 una vulnerabilidad de divulgaci\u00f3n de archivos en la funci\u00f3n de entrega remota de Autolab, mediante la cual los usuarios pueden entregar tareas utilizando rutas fuera de su directorio de env\u00edo. Luego, los usuarios pueden ver el env\u00edo para ver el contenido del archivo. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 2.10.0. Como workaround, aseg\u00farese de que el campo para la funci\u00f3n de entrega remota est\u00e9 vac\u00edo (Edit Assessment \u0026gt; Advanced \u0026gt; Remote handin path) y que no est\u00e9 ejecutando Autolab como `root` (o cualquier usuario que tenga acceso de escritura a `/ `). Alternativamente `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: \\\"Feature disabled\\\", status: :bad_request) \u0026amp;\u0026amp; return`.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.0\",\"matchCriteriaId\":\"15CEA33A-9734-4B79-8525-92B23FF92B80\"}]}]}],\"references\":[{\"url\":\"https://github.com/autolab/Autolab/security/advisories/GHSA-g7x7-mgrv-f24x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2022-100_Autolab/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/autolab/Autolab/security/advisories/GHSA-g7x7-mgrv-f24x\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://securitylab.github.com/advisories/GHSL-2022-100_Autolab/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.stackhawk.com/blog/rails-path-traversal-guide-examples-and-prevention/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.