GitHub Security Lab (GHSL) Vulnerability Report:
- Arbitrary File Write leading up to RCE in AutomatedTestsController (GHSL-2024-062)
- Arbitrary File Write leading up to RCE in StarterFileGroupsController (GHSL-2024-063)
- Arbitrary File Write leading up to RCE in StarterFileGroupsController API (GHSL-2024-064)
Impact
Arbitrary file write vulnerabilities in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application.
Patches
MarkUs v2.4.8 has addressed this issue.
Workarounds
In terms of application level, the best way is to upgrade.
References
#7026
david-yz-liu Remediation developer
GitHub Security Lab (GHSL) Vulnerability Report:
Impact
Arbitrary file write vulnerabilities in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application.
Patches
MarkUs v2.4.8 has addressed this issue.
Workarounds
In terms of application level, the best way is to upgrade.
References
#7026