What is CVE-2024-47820?

CVE-2024-47820 is a medium-severity vulnerability in Markusproject Markus, classified under Path Traversal. CVSS score: 5.7/10. Published 2024-11-18.

How severe is CVE-2024-47820?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Path Traversal in Markusproject Markus

CVE-2024-47820

MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (25.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H.

Affected products

Markusproject Markus — versions < 2.4.8

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/MarkUsProject/Markus/security/advisories/GHSA-wq6v-vx8c-8fj8 (x_refsource_CONFIRM)
https://github.com/MarkUsProject/Markus/pull/7026 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-47820?: CVE-2024-47820 is a medium-severity vulnerability in Markusproject Markus, classified under Path Traversal. CVSS score: 5.7/10. Published 2024-11-18.
How severe is CVE-2024-47820?: Medium severity. CVSS v3 base score is 5.7 out of 10.