Open edX Platform CourseLimitedStaffRole Studio Access Vulnerability

Vulnerability

A vulnerability exists in the Open edX Platform's course management system, specifically within the 'CourseLimitedStaffRole'. Prior to the recent patch, users with this role could improperly access and edit courses in the studio environment if the role was assigned at the organizational level, rather than for individual courses. Additionally, these users could view a list of courses associated with this role in the studio, despite not being authorized for such access. This issue has been addressed in the latest commit.

Impact

Exploitation of this vulnerability allows 'CourseLimitedStaffRole' users to access, edit, and manage courses in the studio environment, contrary to the intended restrictions of their role.

Reproduction

The vulnerability can be reproduced by assigning the 'CourseLimitedStaffRole' to a user at the organizational level. Once this role is assigned, the user can access and edit courses in the studio environment, as well as list these courses, despite not having the appropriate permissions.
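
As an added illustration, not code from Open edX or from this advisory, the following Python models the scoping problem described above: an access check that excludes CourseLimitedStaffRole only for course-scoped assignments, beside a hardened check that decides on the role before the scope. Only the name CourseLimitedStaffRole comes from the page; the other role and course names are assumptions, and the real bug's mechanism is not stated here.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed, simplified model of role assignments. Only the name
# "CourseLimitedStaffRole" comes from the advisory; everything else is
# hypothetical and is not edx-platform code.
COURSE_LIMITED_STAFF = "CourseLimitedStaffRole"
COURSE_STAFF = "CourseStaffRole"  # hypothetical full-access course role

@dataclass(frozen=True)
class RoleAssignment:
    role: str
    org: str
    course_id: Optional[str] = None  # None: the role was granted org-wide

@dataclass(frozen=True)
class Course:
    course_id: str
    org: str

def studio_access_vulnerable(assignments, course: Course) -> bool:
    """Models the pre-patch behaviour described above: the limited-staff
    exclusion is applied only to course-scoped assignments, so an org-wide
    CourseLimitedStaffRole falls through the scope check and grants access."""
    for a in assignments:
        if a.org != course.org:
            continue
        if a.course_id == course.course_id:
            if a.role != COURSE_LIMITED_STAFF:
                return True
        elif a.course_id is None:  # org-wide grant: role never inspected
            return True
    return False

def studio_access_fixed(assignments, course: Course) -> bool:
    """Hardened check: decide on the role before the scope, so that a
    CourseLimitedStaffRole never grants Studio access at any scope."""
    for a in assignments:
        if a.role == COURSE_LIMITED_STAFF:
            continue
        if a.org == course.org and a.course_id in (None, course.course_id):
            return True
    return False

def studio_course_list(assignments, courses, check) -> List[str]:
    """Course ids the user would see listed in Studio under a given check."""
    assignments = list(assignments)  # allow re-iteration per course
    return [c.course_id for c in courses if check(assignments, c)]
```

A regression test for the fix should assert both that an org-wide limited-staff grant yields no Studio access and that the Studio course list for that user is empty.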

Remediation

Users should upgrade to the latest version of the Open edX Platform where this issue has been fixed.

Added: Dec 16, 2025, 7:34 PM
Updated: Dec 16, 2025, 7:34 PM

Vulnerability Rating

Custom Algorithm

spread          2.2
impact          5.0
exploitability  6.4
remediation     0.0
relevance       1.4
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.