Launchpad CVE tracker

CVE 2017-1000136

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.

Related bugs and status

CVE-2017-1000136 (Candidate) is related to these bugs:

Bug #1363873: Session Management Issue- Session is not invalidating after password change

		In	Importance	Status
1363873	Session Management Issue- Session is not invalidating after password change	Mahara	High	Fix Released
1363873	Session Management Issue- Session is not invalidating after password change	Mahara 15.04	High	Fix Released
1363873	Session Management Issue- Session is not invalidating after password change	Mahara 1.9	High	Fix Released
1363873	Session Management Issue- Session is not invalidating after password change	Mahara 1.10	High	Fix Released
1363873	Session Management Issue- Session is not invalidating after password change	Mahara 1.8	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-1000136

References