{"data":{"id":"485b435d-a7d3-454e-b4f2-209b51ebddce","title":"CVE-2024-53258: Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 o","summary":"Autolab is a course management system that automatically grades programming assignments. A vulnerability in versions 3.0.0 and later allows any logged-in student to download all submissions from other students or even instructor test files using the download_all_submissions feature, potentially exposing private coursework to unauthorized people.","solution":"The issue has been patched in commit `1aa4c769`, which is expected to be included in version 3.0.3. Users can either manually patch their installation or wait for version 3.0.3 to be released. As an immediate temporary workaround, administrators can disable the download_all_submissions feature.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-53258","publishedAt":"2024-11-26T01:15:10.030Z","cveId":"CVE-2024-53258","cweIds":["CWE-359","CWE-862","CWE-862"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Autolab"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00142,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}