CVE-2024-22209

Published: Jan 13, 2024Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.

Affected (1)

Products: Edx: Edx Platform

Edx

1 product

Edx Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Edx Edx Platform	Before 2024-01-12

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052ee1ac8/lms/djangoapps/courseware/block_render.py#L752-L775

Source: security-advisories@github.com

Product

https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0c2b3735e

Source: security-advisories@github.com

Patch

https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fm

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052ee1ac8/lms/djangoapps/courseware/block_render.py#L752-L775

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0c2b3735e

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fm

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.