Information disclosure in Gunet Open_eclass_platform
CVE-2020-24381
GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web…
Vulnerability class: Information Disclosure
EPSS: 0.014 (68.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Gunet Open_eclass_platform
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Third Party Advisory, x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch, Third Party Advisory, Issue Tracking)
Frequently asked questions
- What is CVE-2020-24381?
- CVE-2020-24381 is a high-severity vulnerability in Gunet Open_eclass_platform, classified under Information Disclosure. CVSS score: 7.5/10. Published 2020-08-19.
- How severe is CVE-2020-24381?
- High severity. CVSS v3 base score is 7.5 out of 10.