CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score
Confidence: High

EPSS
Percentile: 32.5%

thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying subresults, it is possible to query subresults from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit f1ae67d8bb2 and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.

Vendor | Product | Version | CPE |
---|---|---|---|
thm | feedbacksystem | * | cpe:2.3:a:thm:feedbacksystem:*:*:*:*:*:*:*:* |
github.com/thm-mni-ii/feedbacksystem/commit/f1ae67d8bb2286a8eb15949038473d41b1358493
github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.5.3
github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-fhq8-p3w6-mmgr
thm-mni-ii.github.io/feedbacksystem/api-docs/#tag/Submission/operation/getCourseTaskSubmissionSubresults