CVE-2024-37742

Published: Jun 25, 2024Modified: Nov 21, 2024

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Exploitability: 3.9 / Impact: 4.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulnerability allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity. By exploiting this flaw, an attacker can bypass exam controls and gain an unfair advantage during exams.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://github.com/Eteblue/CVE-2024-37742

Source: cve@mitre.org

https://youtu.be/SOm0Hgny_3U

Source: cve@mitre.org

https://github.com/Eteblue/CVE-2024-37742

Source: af854a3a-2127-422b-91ae-364da2661108

https://youtu.be/SOm0Hgny_3U

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.