VYPR
Unrated severity · NVD Advisory · Published Jan 13, 2024 · Updated Oct 24, 2024

XBlock custom auth does not respect JWT Scopes

CVE-2024-22209

Description

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.

Affected products

  • Openedx/Openedx Platform (2 versions): < commit 019888f
    • (no CPE) range: < commit 019888f
    • (no CPE) range: < commit 019888f
