PT-2024-35697 · Autolab · Autolab

20Wildmanj · Published 2024-11-25 · Updated 2024-11-25 · CVE-2024-53258

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Autolab versions 3.0.0 through 3.0.2

Description: Autolab is a course management service that enables auto-graded programming assignments. The issue allows any logged-in student to download all assignments of another student using the "download all submissions" feature. This can lead to leakage of submissions to unauthorized users, such as downloading the submissions of other students in the class, or even instructor test submissions, provided the requester knows the target users' IDs.

Recommendations: For Autolab versions 3.0.0 through 3.0.2, users are advised to either manually patch with commit 1aa4c769 or wait for version 3.0.3. As a temporary workaround, administrators can disable the "download all submissions" feature to minimize the risk of exploitation.
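The class of bug described above is a missing authorization check: the endpoint verifies that the caller is logged in but never verifies that the caller is allowed to act on the requested user ID. The following Ruby model is an added example written for this advisory; it is not Autolab's code, not the referenced commit, and all names (SubmissionStore, Membership, STAFF_ROLES, AuthorizationError) are assumptions for illustration. It places the login-only check beside a hardened check that requires the requester to be the owner of the submissions or to hold a staff role in that same course, and records denied requests so they can be picked up by monitoring.

```ruby
# Added example (not Autolab's code): minimal model of the authorization
# decision behind a "download all submissions" endpoint.
# Names below are illustrative assumptions.

Submission = Struct.new(:id, :user_id, :course, :path)
# role is one of :student, :course_assistant, :instructor
Membership = Struct.new(:user_id, :course, :role)

class AuthorizationError < StandardError; end

class SubmissionStore
  # Roles allowed to download other users' submissions within a course.
  STAFF_ROLES = [:course_assistant, :instructor].freeze

  def initialize(memberships, submissions)
    @memberships = memberships
    @submissions = submissions
  end

  # Role of user_id in this specific course, or nil if not enrolled.
  def role_of(user_id, course)
    m = @memberships.find { |x| x.user_id == user_id && x.course == course }
    m && m.role
  end

  def submissions_for(user_id, course)
    @submissions.select { |s| s.user_id == user_id && s.course == course }
  end

  # Vulnerable pattern: the only check is "is someone logged in?".
  # Any enrolled student can pass another user's id and receive that
  # user's submissions.
  def download_all_vulnerable(requester_id, course, target_user_id)
    raise AuthorizationError, "not logged in" if requester_id.nil?
    submissions_for(target_user_id, course)
  end

  # Hardened decision: own submissions (while enrolled), or a staff role
  # held in the same course. Enrollment is checked per course, so an
  # instructor of a different course is still refused here.
  def authorized_to_download_all?(requester_id, course, target_user_id)
    return false if requester_id.nil?
    requester_role = role_of(requester_id, course)
    return false if requester_role.nil?
    return true if requester_id == target_user_id
    STAFF_ROLES.include?(requester_role)
  end

  # Hardened endpoint: refuse with an error and append an audit line
  # (constructed format) that a detection rule can key on.
  def download_all_fixed(requester_id, course, target_user_id, audit = [])
    unless authorized_to_download_all?(requester_id, course, target_user_id)
      audit << "DENY download_all requester=#{requester_id.inspect} " \
               "target=#{target_user_id} course=#{course}"
      raise AuthorizationError, "not permitted to download submissions of user #{target_user_id}"
    end
    submissions_for(target_user_id, course)
  end
end

# Constructed sample data: two students and one instructor in one course.
def sample_store
  memberships = [
    Membership.new(1, "course-a", :student),
    Membership.new(2, "course-a", :student),
    Membership.new(9, "course-a", :instructor),
  ]
  submissions = [
    Submission.new(100, 1, "course-a", "/sub/1/hw1.tar"),
    Submission.new(101, 2, "course-a", "/sub/2/hw1.tar"),
    Submission.new(102, 9, "course-a", "/sub/9/reference.tar"),
  ]
  SubmissionStore.new(memberships, submissions)
end

if __FILE__ == $0
  store = sample_store
  puts "vulnerable: student 1 fetches user 2 -> #{store.download_all_vulnerable(1, 'course-a', 2).map(&:path)}"
  audit = []
  begin
    store.download_all_fixed(1, 'course-a', 2, audit)
  rescue AuthorizationError => e
    puts "fixed: #{e.message}"
  end
  puts audit
end
```

The hardened check decides per course rather than globally: the requester's role is looked up in the course named in the request, so an unenrolled user, or staff of a different course, gets the same refusal as a student. Asserting on the audit line in tests is a cheap way to make sure the denial path stays logged when the controller is refactored.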

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-53258, GHSA-84QC-7773-2GG3

Affected Products: Autolab