Launchpad.net

CVE 2018-11195

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.

Related bugs and status

CVE-2018-11195 (Candidate) is related to these bugs:

Bug #1770561: Browser back and refresh button attack vulnerability

		In	Importance	Status
1770561	Browser back and refresh button attack vulnerability	Mahara	High	Fix Released
1770561	Browser back and refresh button attack vulnerability	Mahara 17.04	High	Fix Released
1770561	Browser back and refresh button attack vulnerability	Mahara 18.10	High	Fix Released
1770561	Browser back and refresh button attack vulnerability	Mahara 17.10	High	Fix Released
1770561	Browser back and refresh button attack vulnerability	Mahara 18.04	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
CONFIRM: https://mahara.org/int...