We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-48920

PutongOJ: unprivileged users can escalate privileges by constructing requests



Description

PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually.

Reserved 2024-10-09 | Published 2024-10-17 | Updated 2024-10-17 | Assigner GitHub_M


CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

< 2.1.0-beta.1
affected

References

github.com/...tongOJ/security/advisories/GHSA-gj6h-73c5-xw6f

github.com/...ommit/211dfe9ebf1c6618ce5396b0338de4f9b580715e

github.com/acm309/PutongOJ/releases/tag/v2.1.0-beta.1

cve.org (CVE-2024-48920)

nvd.nist.gov (CVE-2024-48920)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-48920

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.