PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any group. The server accepts the message and stores it in the group’s chatContent, so this is not just a visual spam issue.
The WebSocket endpoint available at wss://polarlearn.nl/api/v1/ws accepts connections without verifying user identity (no required login). An attacker can subscribe to any group chat by providing only the group UUID, and then send messages to it. The server accepts and saves the submitted content in the chatContent field of the given group — this is therefore not merely a visual spam effect, but a permanent modification of data.
An unauthorized attacker can read the entire chat history of any group and write false or malicious messages to it, leading to a breach of confidentiality and integrity of data stored in the system.
Apply the patch available in the project repository (commit 3ba588fda0d3f8e238483a20772719f27e52e79f) or update the application according to the recommendations described in the official security advisory GHSA-gvjm-5pw7-6c8c on GitHub
PolarLearn in version 0-PRERELEASE-16 and earlier pre-release versions
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XPolarlearn
APPPolarlearnwszystkie wersje
Related vulnerabilities
PolarLearn: Pominięcie weryfikacji hasła przy logowaniu zbanowanych kont
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userI...
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`...
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnera...
PolarLearn to darmowy program edukacyjny o otwartym kodzie źródłowym. W wersji 0-PRERELEASE-15 i wcześniejszyc...