Autolab
by Autolab
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-53260 | 0.00 | — | 0.00 | Nov 27, 2024 | Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated… | |||
| CVE-2024-53258 | 0.00 | — | 0.00 | Nov 25, 2024 | Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for… | |||
| CVE-2024-52585 | 0.00 | — | 0.00 | Nov 18, 2024 | Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch… | |||
| CVE-2024-52584 | 0.00 | — | 0.00 | Nov 18, 2024 | Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only… | |||
| CVE-2024-49376 | 0.00 | — | 0.00 | Oct 25, 2024 | Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by… | |||
| CVE-2023-44395 | 0.00 | — | 0.01 | Jan 22, 2024 | Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby… | |||
| CVE-2023-32676 | 0.00 | — | 0.01 | May 26, 2023 | Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a… | |||
| CVE-2023-32317 | 0.00 | — | 0.01 | May 26, 2023 | Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a… | |||
| CVE-2022-41956 | 0.00 | — | 0.02 | Jan 14, 2023 | Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's… | |||
| CVE-2022-41955 | 0.00 | — | 0.01 | Jan 14, 2023 | Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's… | |||
| CVE-2022-0936 | 0.00 | — | 0.01 | Apr 11, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0. |
- CVE-2024-53260Nov 27, 2024risk 0.00cvss —epss 0.00
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated…
- CVE-2024-53258Nov 25, 2024risk 0.00cvss —epss 0.00
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for…
- CVE-2024-52585Nov 18, 2024risk 0.00cvss —epss 0.00
Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch…
- CVE-2024-52584Nov 18, 2024risk 0.00cvss —epss 0.00
Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only…
- CVE-2024-49376Oct 25, 2024risk 0.00cvss —epss 0.00
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by…
- CVE-2023-44395Jan 22, 2024risk 0.00cvss —epss 0.01
Autolab is a course management service that enables instructors to offer autograded programming assignments to their students over the Web. Path traversal vulnerabilities were discovered in Autolab's assessment functionality in versions of Autolab prior to 2.12.0, whereby…
- CVE-2023-32676May 26, 2023risk 0.00cvss —epss 0.01
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a…
- CVE-2023-32317May 26, 2023risk 0.00cvss —epss 0.01
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a…
- CVE-2022-41956Jan 14, 2023risk 0.00cvss —epss 0.02
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's…
- CVE-2022-41955Jan 14, 2023risk 0.00cvss —epss 0.01
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's…
- CVE-2022-0936Apr 11, 2022risk 0.00cvss —epss 0.01
Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.