CVE-2023-27485
Description
thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.
References
Release Notes
Product
Patch
PatchThird Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics