Vulnerable submission endpoints

High
dwang3851 published GHSA-rjg4-cf66-x6gr Nov 18, 2024

Package

bundler Autolab (RubyGems)

Affected versions

3.0.1

Patched versions

3.0.2

Description

Impact

A CA can view or edit the grade for any submission ID, even if they are not a CA for the class that the submission belongs to. The endpoints only check that the caller has CA-level authorization in the class given in the endpoint, which is not necessarily the class the submission is attached to.
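
The check described above, reduced to a minimal Ruby model with the unscoped submission lookup beside a scoped one. This is an added example, not Autolab's code; the sample data, user name, course names and function names are all hypothetical.

```ruby
# Constructed model of the authorization gap; every name here is hypothetical.
Submission = Struct.new(:id, :course, :score)

# Constructed sample data: one submission in each of two courses.
SUBMISSIONS = {
  1 => Submission.new(1, "course-a", 90),
  2 => Submission.new(2, "course-b", 70)
}.freeze

# Role per (user, course). "alice" is a CA in course-a only.
ROLES = { ["alice", "course-a"] => "ca" }.freeze

class Forbidden < StandardError; end
class NotFound < StandardError; end

def ca_in?(user, course)
  ROLES[[user, course]] == "ca"
end

# Pattern from the advisory: the role check uses the course in the endpoint,
# but the submission is fetched by ID across all courses.
def find_submission_unscoped(user, endpoint_course, submission_id)
  raise Forbidden unless ca_in?(user, endpoint_course)
  SUBMISSIONS.fetch(submission_id) { raise NotFound }
end

# Hardened form: the lookup is limited to the course that was authorized,
# so an ID from another course behaves like a missing record.
def find_submission_scoped(user, endpoint_course, submission_id)
  raise Forbidden unless ca_in?(user, endpoint_course)
  sub = SUBMISSIONS[submission_id]
  raise NotFound if sub.nil? || sub.course != endpoint_course
  sub
end

# Returns true when the scoped lookup refuses the request.
def scoped_denies?(user, endpoint_course, submission_id)
  find_submission_scoped(user, endpoint_course, submission_id)
  false
rescue Forbidden, NotFound
  true
end
```

Both the view and the edit path need the scoped lookup, since either one operates on whatever record the lookup returns.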

Patches

Will be patched soon

Workarounds

No workarounds

Severity

High

CVE ID

CVE-2024-52584

Weaknesses

No CWEs

Credits