What is CVE-2024-50334?

CVE-2024-50334 is a vulnerability in Erudika Scoold, classified under Authentication Bypass Using an Alternate Path or Channel. Published 2024-10-29.

Is CVE-2024-50334 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Erudika Scoold

CVE-2024-50334

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised acc…

EPSS: 0.101 (93.2th percentile) — read the EPSS interpretation.

Affected products

Erudika Scoold — versions < 1.64.0

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds
opendr-io/causality

References

https://github.com/Erudika/scoold/security/advisories/GHSA-fhwp-f6g7-rr3p (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2024-50334?: CVE-2024-50334 is a vulnerability in Erudika Scoold, classified under Authentication Bypass Using an Alternate Path or Channel. Published 2024-10-29.
Is CVE-2024-50334 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.