CVE 2011-1404
Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/
Related bugs and status
CVE-2011-1404 (Candidate) is related to these bugs:
Bug #746182: Overriding start/stop dates not checked
Bug | Summary | In | Importance | Status
---|---|---|---|---
746182 | Overriding start/stop dates not checked | Mahara | High | Fix Released
746182 | Overriding start/stop dates not checked | Mahara 1.2 | High | Fix Released
746182 | Overriding start/stop dates not checked | Mahara 1.3 | High | Fix Released
746182 | Overriding start/stop dates not checked | Mahara 1.0 | High | Won't Fix
Bug #771623: Check edit permissions in tasks.json.php
Bug | Summary | In | Importance | Status
---|---|---|---|---
771623 | Check edit permissions in tasks.json.php | Mahara | High | Fix Released
771623 | Check edit permissions in tasks.json.php | Mahara 1.3 | High | Fix Released
Bug #771637: Check view permissions in viewtasks.json.php
Bug | Summary | In | Importance | Status
---|---|---|---|---
771637 | Check view permissions in viewtasks.json.php | Mahara | High | Fix Released
771637 | Check view permissions in viewtasks.json.php | Mahara 1.3 | High | Fix Released
Bug #771644: Check edit permissions in blog index.json.php
Bug | Summary | In | Importance | Status
---|---|---|---|---
771644 | Check edit permissions in blog index.json.php | Mahara | High | Fix Released
771644 | Check edit permissions in blog index.json.php | Mahara 1.3 | High | Fix Released
Bug #771653: Check view permissions in blog posts.json.php
Bug | Summary | In | Importance | Status
---|---|---|---|---
771653 | Check view permissions in blog posts.json.php | Mahara | High | Fix Released
771653 | Check view permissions in blog posts.json.php | Mahara 1.3 | High | Fix Released
Bug #772140: Information disclosure in my friends pagination script
Bug | Summary | In | Importance | Status
---|---|---|---|---
772140 | Information disclosure in my friends pagination script | Mahara | High | Fix Released
772140 | Information disclosure in my friends pagination script | Mahara 1.3 | High | Fix Released
Bug #772160: Userlist element json script reveals user information
Bug | Summary | In | Importance | Status
---|---|---|---|---
772160 | Userlist element json script reveals user information | Mahara | High | Fix Released
772160 | Userlist element json script reveals user information | Mahara 1.2 | High | Fix Released
772160 | Userlist element json script reveals user information | Mahara 1.3 | High | Fix Released
Bug #772174: Group member search json script reveals user information
Bug | Summary | In | Importance | Status
---|---|---|---|---
772174 | Group member search json script reveals user information | Mahara | High | Fix Released
772174 | Group member search json script reveals user information | Mahara 1.3 | High | Fix Released
Bug #772179: Ajax script for friend search pagination reveals user information
Bug | Summary | In | Importance | Status
---|---|---|---|---
772179 | Ajax script for friend search pagination reveals user information | Mahara | High | Fix Released
772179 | Ajax script for friend search pagination reveals user information | Mahara 1.2 | High | Fix Released
772179 | Ajax script for friend search pagination reveals user information | Mahara 1.3 | High | Fix Released
Bug #780917: Major security updates for Mahara
Bug | Summary | In | Importance | Status
---|---|---|---|---
780917 | Major security updates for Mahara | mahara (Ubuntu) | Undecided | Fix Released
780917 | Major security updates for Mahara | mahara (Ubuntu Lucid) | High | Fix Released
780917 | Major security updates for Mahara | mahara (Ubuntu Maverick) | High | Fix Released
780917 | Major security updates for Mahara | mahara (Ubuntu Natty) | High | Fix Released
780917 | Major security updates for Mahara | mahara (Ubuntu Oneiric) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.