Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-1000150

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.

Related bugs and status

CVE-2017-1000150 (Candidate) is related to these bugs:

Bug #1567784: Session ID's not being regenerated

		In	Importance	Status
1567784	Session ID's not being regenerated	Mahara	High	Fix Released
1567784	Session ID's not being regenerated	Mahara 15.04	High	Fix Released
1567784	Session ID's not being regenerated	Mahara 15.10	High	Fix Released
1567784	Session ID's not being regenerated	Mahara 16.10	High	Fix Released
1567784	Session ID's not being regenerated	Mahara 16.04	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...