Home > Vulnerability Database > WS-2021-0431

Mend.io Vulnerability Database

WS-2021-0431

Good to know:

Date: June 5, 2021

In Teammates feedback management tool, versions V7.14.0 through V7.16.0 are vulnerable to improper access control, as viewing and searching the students actions audit log was not limited for course owners only. Anyone with Instructor privileges could access the logs.

Language: Java

Severity Score

4.3

Related Resources (2)

Url: https://github.com/TEAMMATES/teammates/commit/99f62a55e3371ba0d7376c8bcb6b54aa342cc2e1

Url: https://www.mend.io/vulnerability-database/WS-2021-0431

Severity Score

4.3

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version V7.17.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0431

Good to know:

Date: June 5, 2021

Language: Java

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?