Vulnerability Description
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Edx | Edx-Platform | < 2024-01-12 |
Related Weaknesses (CWE)
References
- https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052eProduct
- https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0cPatch
- https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fmExploitThird Party Advisory
- https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052eProduct
- https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0cPatch
- https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fmExploitThird Party Advisory
FAQ
What is CVE-2024-22209?
CVE-2024-22209 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability...
How severe is CVE-2024-22209?
CVE-2024-22209 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22209?
Check the references section above for vendor advisories and patch information. Affected products include: Edx Edx-Platform.