Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-1000134

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.

Related bugs and status

CVE-2017-1000134 (Candidate) is related to these bugs:

Bug #1267686: Group member can't access their own group file

		In	Importance	Status
1267686	Group member can't access their own group file	Mahara	High	Fix Released
1267686	Group member can't access their own group file	Mahara 1.10	High	Fix Released
1267686	Group member can't access their own group file	Mahara 1.9	High	Fix Released
1267686	Group member can't access their own group file	Mahara 15.04	High	Fix Released
1267686	Group member can't access their own group file	Mahara 1.8	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...