CVE-2024-53260
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-53260 is a vulnerability affecting Autolab, a course management service that supports auto-graded programming assignments. Maliciously crafted user names, containing valid Excel or spreadsheet formulas, can lead to the leakage of students' information in a course roster. When an instructor downloads and opens the roster, the formula-containing names will be evaluated, potentially sending sensitive data to a remote endpoint. The issue has been addressed in the source code repository and is expected to be resolved in the next release. Users are advised to either manually patch their systems or wait for the update, while there are currently no known workarounds for this vulnerability.
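As an added illustration of the general mitigation for this bug class (not Autolab's actual patch and not code from the project), the Ruby sketch below neutralizes formula-leading cells before a roster is written to CSV. The field names, helper names and sample roster are hypothetical and constructed for the example.

```ruby
# Characters that lead a spreadsheet application to evaluate a cell as a formula.
FORMULA_TRIGGERS = ["=", "+", "-", "@", "\t", "\r"].freeze

# Return the value in a form a spreadsheet displays as literal text.
# Both the raw first character and the first non-whitespace character are
# checked, since leading whitespace may be trimmed before the cell is evaluated.
# Meant for text fields (names, e-mail); it would also prefix negative numbers.
def neutralize_cell(value)
  text = value.to_s
  if FORMULA_TRIGGERS.include?(text[0]) || FORMULA_TRIGGERS.include?(text.lstrip[0])
    "'" + text
  else
    text
  end
end

# Minimal RFC 4180 quoting, written inline so the example has no dependencies.
def csv_field(text)
  text.match?(/[",\r\n]/) ? '"' + text.gsub('"', '""') + '"' : text
end

# Build the roster CSV, neutralizing every user-controlled cell on output.
def export_roster(rows, headers)
  lines = [headers.map { |h| csv_field(h) }.join(",")]
  rows.each do |row|
    lines << headers.map { |h| csv_field(neutralize_cell(row[h])) }.join(",")
  end
  lines.join("\r\n") + "\r\n"
end

# Constructed sample roster (hypothetical schema, benign formula in a name).
HEADERS = %w[email first_name last_name].freeze
SAMPLE_ROSTER = [
  { "email" => "alice@example.edu", "first_name" => "Alice",   "last_name" => "Ng" },
  { "email" => "bob@example.edu",   "first_name" => "=1+1",    "last_name" => "O'Neil, Jr." },
  { "email" => "carol@example.edu", "first_name" => " @carol", "last_name" => "-Smith" }
].freeze

puts export_roster(SAMPLE_ROSTER, HEADERS) if __FILE__ == $PROGRAM_NAME
```

Neutralizing at export time covers names that were stored before any input validation existed; rejecting such names at registration is a complementary control.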