PT-2024-19277 · Edx · Open Edx Platform
Feanil · Published 2024-01-13 · Updated 2024-01-22 · CVE-2024-22209
CVSS v3.1: 6.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Open edX Platform versions prior to the version containing commit 019888f
Description
The issue affects the Open edX Platform, a service-oriented platform for authoring and delivering online learning. A user with a JWT and limited scopes could call API endpoints exceeding their access.
Recommendations
For versions prior to the version containing commit 019888f, update to a version that includes the patch commit 019888f to resolve the issue. As a temporary workaround, consider restricting access to sensitive API endpoints to minimize the risk of exploitation.
Exploit
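The weakness class described above is a token whose scopes are not checked against the endpoint being called. The following is an added example, not Open edX code and not the patch in commit 019888f: it mints and verifies an HS256 JWT with the standard library only (the `make_jwt` helper stands in for a real JWT library) and contrasts a signature-only authorizer with one that requires the endpoint's declared scope. The endpoint paths, scope names and secret are constructed for the example and are assumptions, not values from the advisory.

```python
"""Added example (not Open edX code): enforcing JWT scopes per API endpoint.

Assumptions (not from the advisory): tokens are HS256 JWTs whose payload
carries a "scopes" list, and every endpoint declares the scope it requires.
"""
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed for this example only

# Endpoint -> scope required to call it (hypothetical names, not Open edX's)
REQUIRED_SCOPE = {
    "/api/grades/read": "grades:read",
    "/api/grades/write": "grades:write",
    "/api/profile": "profile",
}


def _b64url(data: bytes) -> str:
    """base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    """Reverse of _b64url; re-add the padding the encoder stripped."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_jwt(payload: dict, secret: bytes = SECRET) -> str:
    """Mint an HS256 JWT. Test helper; a deployment would use a vetted library."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_jwt(token: str, secret: bytes = SECRET) -> dict:
    """Check the HMAC and return the payload; anything but HS256 is rejected."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    signing_input = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise PermissionError("bad signature")
    return json.loads(_b64url_decode(body_b64))


def authorize_signature_only(token: str, endpoint: str) -> bool:
    """Weak pattern: a validly signed token is treated as full access.

    The scopes the token carries are never compared with the endpoint, so a
    narrowly scoped token reaches every endpoint. This is the class of defect
    the advisory describes, shown here only for contrast with authorize().
    """
    verify_jwt(token)
    return True


def authorize(token: str, endpoint: str) -> bool:
    """Hardened pattern: the endpoint's required scope must be in the token."""
    payload = verify_jwt(token)
    required = REQUIRED_SCOPE.get(endpoint)
    if required is None:
        return False  # endpoint not in the scope map: deny by default
    return required in payload.get("scopes", [])


if __name__ == "__main__":
    # Constructed token: signed correctly, but only the "profile" scope.
    tok = make_jwt({"sub": "user-1", "scopes": ["profile"]})
    for path in REQUIRED_SCOPE:
        print(path, "weak:", authorize_signature_only(tok, path),
              "hardened:", authorize(tok, path))
```

Running the block shows the weak authorizer granting the profile-only token access to every endpoint while the hardened one grants only `/api/profile`; the deny-by-default branch for endpoints missing from `REQUIRED_SCOPE` is the code-level form of the advisory's interim workaround of restricting sensitive endpoints.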
Fix
Weakness Enumeration
Improper Access Control
Related Identifiers
Affected Products
Open Edx Platform