The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Tue, 03 Feb 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as modifying assignment grades, via crafted requests. This issue has been patched in version 4.2. | |
| Title | Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions | |
| Weaknesses | CWE-352 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-02-03T16:58:57.928Z
Reserved: 2026-01-23T20:40:23.387Z
Link: CVE-2026-24666
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-02-03T18:16:19.690
Modified: 2026-02-03T18:16:19.690
Link: CVE-2026-24666
Redhat
No data.
OpenCVE Enrichment
No data.