Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-1000155

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.

Related bugs and status

CVE-2017-1000155 (Candidate) is related to these bugs:

Bug #1600069: See other's profile images one is not meant to

		In	Importance	Status
1600069	See other's profile images one is not meant to	Mahara	Medium	Fix Released
1600069	See other's profile images one is not meant to	Mahara 15.04	Medium	Fix Released
1600069	See other's profile images one is not meant to	Mahara 15.10	Medium	Fix Released
1600069	See other's profile images one is not meant to	Mahara 16.04	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...