CVE-2024-49376 - Incorrect Authorization vulnerability in Autolabproject Autolab 3.0.0

CVSS 8.8 - HIGH

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Vendor: autolabproject
CWE-863

Summary

Autolab, a course management service that enables auto-graded programming assignments, has misconfigured password-reset permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset the passwords of privileged users' accounts and thereby potentially gain access to them. This issue is fixed in version 3.0.1. No known workarounds exist.

Vulnerable Configurations

Part        | Description    | Count
------------|----------------|------
Application | Autolabproject | 1

Common Weakness Enumeration (CWE)