PT-2020-15720 · Gunet · Gunet Open Eclass Platform
Emaragkos · Published 2020-08-19 · Updated 2022-04-30
CVE-2020-24381
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GUnet Open eClass Platform versions prior to 3.11
Description
The issue allows remote attackers to read students' submitted assessments due to the web server not blocking directory listings and the data directory being inside the web root by default.
Recommendations
For versions prior to 3.11, update to version 3.11 or later to ensure the web server blocks directory listings and the data directory is properly secured.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Gunet Open Eclass Platform