Search criteria
6 vulnerabilities found for open_eclass_platform by gunet
FKIE_CVE-2021-44266
Vulnerability from fkie_nvd - Published: 2022-06-11 15:15 - Updated: 2024-11-21 06:30
Severity ?
Summary
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://emaragkos.gr/cve-2021-44266/ | Third Party Advisory | |
| cve@mitre.org | https://hg.gunet.gr/openeclass/rev/e0ed11f5768d | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://emaragkos.gr/cve-2021-44266/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hg.gunet.gr/openeclass/rev/e0ed11f5768d | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gunet | open_eclass_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gunet:open_eclass_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E05D40-A3D5-495D-9835-41BA3ED189EB",
"versionEndExcluding": "3.12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter."
},
{
"lang": "es",
"value": "GUnet Open eClass (tambi\u00e9n se conoce como openeclass) versiones anteriores a 3.12.2, permite un ataque de tipo XSS por medio del par\u00e1metro auth del archivo modules/auth/formuser.php"
}
],
"id": "CVE-2021-44266",
"lastModified": "2024-11-21T06:30:41.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-11T15:15:08.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://emaragkos.gr/cve-2021-44266/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://emaragkos.gr/cve-2021-44266/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-24381
Vulnerability from fkie_nvd - Published: 2020-08-19 12:15 - Updated: 2024-11-21 05:14
Severity ?
Summary
GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://emaragkos.gr/cve-2020-24381/ | Third Party Advisory | |
| cve@mitre.org | https://github.com/gunet/openeclass/issues/39 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://emaragkos.gr/cve-2020-24381/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gunet/openeclass/issues/39 | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gunet | open_eclass_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gunet:open_eclass_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59A23733-2777-4642-A2E1-35AC63B031A3",
"versionEndExcluding": "3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students\u0027 submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default."
},
{
"lang": "es",
"value": "La plataforma GUnet Open eClass (tambi\u00e9n conocida como openeclass) antes de la versi\u00f3n 3.11 podr\u00eda permitir a atacantes remotos leer las evaluaciones enviadas por los estudiantes porque no asegura que el servidor web bloquee los listados de directorios, y el directorio de datos est\u00e1 dentro de la ra\u00edz de la web por defecto"
}
],
"id": "CVE-2020-24381",
"lastModified": "2024-11-21T05:14:42.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-19T12:15:11.340",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://emaragkos.gr/cve-2020-24381/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gunet/openeclass/issues/39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://emaragkos.gr/cve-2020-24381/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/gunet/openeclass/issues/39"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-44266 (GCVE-0-2021-44266)
Vulnerability from cvelistv5 – Published: 2022-06-11 14:50 – Updated: 2024-08-04 04:17
VLAI?
Summary
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://emaragkos.gr/cve-2021-44266/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-11T14:52:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://emaragkos.gr/cve-2021-44266/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d",
"refsource": "MISC",
"url": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d"
},
{
"name": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122",
"refsource": "MISC",
"url": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122"
},
{
"name": "https://emaragkos.gr/cve-2021-44266/",
"refsource": "MISC",
"url": "https://emaragkos.gr/cve-2021-44266/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44266",
"datePublished": "2022-06-11T14:50:50",
"dateReserved": "2021-11-29T00:00:00",
"dateUpdated": "2024-08-04T04:17:24.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24381 (GCVE-0-2020-24381)
Vulnerability from cvelistv5 – Published: 2020-08-19 11:50 – Updated: 2024-08-04 15:12
VLAI?
Summary
GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://emaragkos.gr/cve-2020-24381/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gunet/openeclass/issues/39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students\u0027 submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T03:03:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://emaragkos.gr/cve-2020-24381/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gunet/openeclass/issues/39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students\u0027 submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://emaragkos.gr/cve-2020-24381/",
"refsource": "MISC",
"url": "https://emaragkos.gr/cve-2020-24381/"
},
{
"name": "https://github.com/gunet/openeclass/issues/39",
"refsource": "CONFIRM",
"url": "https://github.com/gunet/openeclass/issues/39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24381",
"datePublished": "2020-08-19T11:50:17",
"dateReserved": "2020-08-17T00:00:00",
"dateUpdated": "2024-08-04T15:12:08.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-44266 (GCVE-0-2021-44266)
Vulnerability from nvd – Published: 2022-06-11 14:50 – Updated: 2024-08-04 04:17
VLAI?
Summary
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:17:24.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://emaragkos.gr/cve-2021-44266/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-11T14:52:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://emaragkos.gr/cve-2021-44266/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d",
"refsource": "MISC",
"url": "https://hg.gunet.gr/openeclass/rev/e0ed11f5768d"
},
{
"name": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122",
"refsource": "MISC",
"url": "https://docs.openeclass.org/el/current#%CE%AD%CE%BA%CE%B4%CE%BF%CF%83%CE%B7_3122"
},
{
"name": "https://emaragkos.gr/cve-2021-44266/",
"refsource": "MISC",
"url": "https://emaragkos.gr/cve-2021-44266/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44266",
"datePublished": "2022-06-11T14:50:50",
"dateReserved": "2021-11-29T00:00:00",
"dateUpdated": "2024-08-04T04:17:24.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24381 (GCVE-0-2020-24381)
Vulnerability from nvd – Published: 2020-08-19 11:50 – Updated: 2024-08-04 15:12
VLAI?
Summary
GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://emaragkos.gr/cve-2020-24381/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gunet/openeclass/issues/39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students\u0027 submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T03:03:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://emaragkos.gr/cve-2020-24381/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gunet/openeclass/issues/39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students\u0027 submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://emaragkos.gr/cve-2020-24381/",
"refsource": "MISC",
"url": "https://emaragkos.gr/cve-2020-24381/"
},
{
"name": "https://github.com/gunet/openeclass/issues/39",
"refsource": "CONFIRM",
"url": "https://github.com/gunet/openeclass/issues/39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24381",
"datePublished": "2020-08-19T11:50:17",
"dateReserved": "2020-08-17T00:00:00",
"dateUpdated": "2024-08-04T15:12:08.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}