CVE-2024-48920 — AI Deep Analysis Summary

🚨 **Essence**: Access Control Error in Putong Online Judge. <br>💥 **Consequences**: Non-privileged users can escalate privileges to admin level. This compromises sensitive data and system integrity.…

🛡️ **CWE**: CWE-306 (Improper Control of a Single Resource for Multiple Functions). <br>🔍 **Flaw**: The system fails to properly enforce access controls.…

📦 **Product**: Putong Online Judge (PutongOJ). <br>👤 **Vendor**: acm309. <br>📉 **Affected Versions**: All versions **before** 2.1.0-beta.1. If you are running an older beta or stable release, you are vulnerable.

🕵️ **Hacker Actions**: Execute **Administrator-level operations**. <br>📂 **Data Impact**: Access to sensitive data. <br>⚠️ **System Impact**: Compromise of system integrity.…

⚡ **Threshold**: **LOW**. <br>🔑 **Auth**: No authentication required (PR:N). <br>🌐 **Network**: Network accessible (AV:N). <br>🎯 **Complexity**: Low (AC:L). No user interaction needed (UI:N). Easy to exploit remotely.

🧨 **Public Exploit**: **No**. The `pocs` field is empty in the provided data. While the flaw is clear, no specific Proof-of-Concept (PoC) code is publicly available in this dataset yet.

🔍 **Self-Check**: Check your PutongOJ version. <br>📋 **Scan**: Look for version strings < 2.1.0-beta.1. <br>🛡️ **Monitor**: Watch for unusual admin-level actions performed by standard user accounts in logs.

✅ **Fixed**: **YES**. <br>📦 **Patch**: Version **2.1.0-beta.1** fixes this issue. <br>🔗 **Source**: See GitHub release tag v2.1.0-beta.1 and the security advisory GHSA-gj6h-73c5-xw6f.

🚧 **Workaround**: If you cannot upgrade immediately: <br>1. Restrict network access to the OJ instance. <br>2. Implement strict WAF rules to block suspicious request patterns targeting admin endpoints. <br>3.…

🔥 **Urgency**: **HIGH**. <br>📊 **CVSS**: High severity (C:H, I:H). <br>⏳ **Action**: Upgrade to v2.1.0-beta.1 immediately.…