Platform: other
Component: putongoj
Fixed in: 2.1.1
CVE-2024-48920 affects PutongOJ, an online judging software. This vulnerability allows unprivileged users to escalate their privileges, granting them unauthorized access to perform administrative operations. Versions of PutongOJ prior to 2.1.0-beta.1 are vulnerable. A fix has been released in version 2.1.0-beta.1.
The impact of CVE-2024-48920 is severe. An attacker exploiting this vulnerability can gain full administrative control over the PutongOJ instance. This allows them to access and modify sensitive data, including user credentials, judging configurations, and potentially even the underlying system. The attacker could also create, modify, or delete judging problems, manipulate results, and disrupt the entire online judging platform. The blast radius extends to all users and data stored within the PutongOJ system.
CVE-2024-48920 was publicly disclosed on 2024-10-17. The vulnerability's ease of exploitation and the potential for significant impact suggest a medium to high probability of exploitation. Currently, no public proof-of-concept exploits are widely available, but the vulnerability's nature makes it likely that such exploits will emerge. Monitor security advisories and threat intelligence feeds for updates.
Organizations and individuals deploying PutongOJ for online judging and competitive programming are at risk. This includes educational institutions, coding platforms, and companies using PutongOJ for internal assessments. Systems running older, unpatched versions are particularly vulnerable.
EPSS: 0.20% (42nd percentile)
The primary mitigation for CVE-2024-48920 is to upgrade PutongOJ to version 2.1.0-beta.1 or later. If upgrading is not immediately feasible, a manual patch can be applied by incorporating the changes from commit 211dfe9. Carefully review the commit details to ensure proper integration with your existing PutongOJ installation. Consider implementing stricter access controls and input validation as additional layers of defense. After upgrade or patch application, verify the fix by attempting to escalate privileges with a non-administrator user account.
Upgrade PutongOJ to version 2.1.0-beta.1 or later. Alternatively, manually apply the patch from commit `211dfe9`.
CVE-2024-48920 is a critical vulnerability in PutongOJ versions before 2.1.0-beta.1 that allows unprivileged users to gain administrative access, potentially compromising the entire system.
You are affected if you are running PutongOJ versions prior to 2.1.0-beta.1. Check your version and upgrade immediately.
Upgrade to PutongOJ version 2.1.0-beta.1 or apply the manual patch from commit 211dfe9.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a potential for active exploitation.
Refer to the PutongOJ project's official website and security advisories for the latest information and updates regarding CVE-2024-48920.