Unrated severity · NVD Advisory · Published Jan 13, 2024 · Updated Oct 24, 2024
XBlock custom auth does not respect JWT Scopes
CVE-2024-22209
Description
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.
Affected products (2)
- (no CPE) range: < commit 019888f
- (no CPE) range: < commit 019888f
References (3)
- github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052ee1ac8/lms/djangoapps/courseware/block_render.py (MITRE, x_refsource_MISC)
- github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0c2b3735e (MITRE, x_refsource_MISC)
- github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fm (MITRE, x_refsource_CONFIRM)