AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-47820: MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in vers

mediumvulnerability

security

Source: NVD/CVE DatabaseNovember 18, 2024CVE-2024-47820

Summary

MarkUs, a web application for submitting and grading student assignments, has a path traversal vulnerability (a security flaw that lets attackers access files outside the intended directory) in versions before 2.4.8. Authenticated instructors can download any file on the server, depending on file permissions. The vulnerability affects how the application limits access to files.

Solution / Mitigation

Upgrade to MarkUs v2.4.8 or later. The source states: 'MarkUs v2.4.8 has addressed this issue' and notes that 'No known workarounds are available at the application level aside from upgrading.'

Vulnerability Details

CVSS Score

5.7(medium)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-22

CAPEC (Attack Pattern)

CAPEC-126

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-47820

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 95%