GitHub Security Lab (GHSL) Vulnerability Report:
- Arbitrary File Write leading up to RCE in SubmissionsController (GHSL-2024-060)
Impact
An arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (both students and instructors) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application.
Patches
MarkUs v2.4.8 has addressed this issue.
Workarounds
In terms of application level, the best way is to upgrade.
References
#7026
david-yz-liu Remediation developer
GitHub Security Lab (GHSL) Vulnerability Report:
Impact
An arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (both students and instructors) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application.
Patches
MarkUs v2.4.8 has addressed this issue.
Workarounds
In terms of application level, the best way is to upgrade.
References
#7026