Launchpad.net

CVE 2017-1000145

Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.

Related bugs and status

CVE-2017-1000145 (Candidate) is related to these bugs:

Bug #1460368: Even if you disallow anonymous comments at the site level, you can still place anonymous comments on artefacts

		In	Importance	Status
1460368	Even if you disallow anonymous comments at the site level, you can still place anonymous comments on artefacts	Mahara	Medium	Fix Released
1460368	Even if you disallow anonymous comments at the site level, you can still place anonymous comments on artefacts	Mahara 1.10	Medium	Fix Released
1460368	Even if you disallow anonymous comments at the site level, you can still place anonymous comments on artefacts	Mahara 1.9	Medium	Fix Released
1460368	Even if you disallow anonymous comments at the site level, you can still place anonymous comments on artefacts	Mahara 15.10	Medium	Fix Released
1460368	Even if you disallow anonymous comments at the site level, you can still place anonymous comments on artefacts	Mahara 15.04	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...