CVE-2023-32676
Severidad:
ALTA
Tipo:
CWE-22
Limitación incorrecta de nombre de ruta a un directorio restringido (Path Traversal)
Fecha de publicación:
26/05/2023
Última modificación:
05/06/2023
Descripción
*** Pendiente de traducción *** Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade.
Impacto
Puntuación base 3.x
7.20
Severidad 3.x
ALTA
Productos y versiones vulnerables
- cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*
Para consultar la lista completa de productos y versiones ver esta página