Information disclosure in Gunet Open_eclass_platform

CVE-2020-24381

GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web…

Vulnerability class: Information Disclosure

EPSS: 0.014 (68.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Weakness classification (CWE)

References

  • cve@mitre.org (Third Party Advisory, x_refsource_MISC)
  • cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2020-24381?
CVE-2020-24381 is a high-severity vulnerability in Gunet Open_eclass_platform, classified under Information Disclosure. CVSS score: 7.5/10. Published 2020-08-19.
How severe is CVE-2020-24381?
High severity. CVSS v3 base score is 7.5 out of 10.