CVE-2024-47820 — MEDIUM (5.7)

Q: How severe is CVE-2024-47820?

CVE-2024-47820 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-47820?

Check the references section above for vendor advisories and patch information. Affected products include: Markusproject Markus.

Vulnerability Description

MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.

CVSS Score

5.7

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Markusproject	Markus	< 2.4.8

Related Weaknesses (CWE)

CWE-22

References

https://github.com/MarkUsProject/Markus/pull/7026Patch
https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8Third Party Advisory

FAQ

What is CVE-2024-47820?

CVE-2024-47820 is a vulnerability with a CVSS score of 5.7 (MEDIUM). MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web ...

How severe is CVE-2024-47820?

CVE-2024-47820 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-47820?

Check the references section above for vendor advisories and patch information. Affected products include: Markusproject Markus.