CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-49376

Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.9%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/autolab/Autolab/commit/301689ab5c5e39d13bab47b71eaf8998d04bcc9b
https://github.com/autolab/Autolab/security/advisories/GHSA-v46j-h43h-rwrm

Products affected by CVE-2024-49376

Autolabproject » Autolab » Version: 3.0.0

cpe:2.3:a:autolabproject:autolab:3.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-49376

Products

Pricing

Contact Us