← Volver a CVEs
CVE-2024-47820
MEDIUM5.7
Descripcion
MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading.
Detalles CVE
Puntuacion CVSS v3.15.7
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
Vector de ataqueADJACENT_NETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado11/18/2024
Ultima modificacion9/4/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
markusproject:markus
Debilidades (CWE)
CWE-22
Referencias
https://github.com/MarkUsProject/Markus/pull/7026(security-advisories@github.com)
https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.