Launchpad CVE tracker

CVE 2020-9282

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.

Related bugs and status

CVE-2020-9282 (Candidate) is related to these bugs:

Bug #1863043: Don't display personal information beyond what is necessary in "Edit access" Ajax response

		In	Importance	Status
1863043	Don't display personal information beyond what is necessary in "Edit access" Ajax response	Mahara	High	Fix Released
1863043	Don't display personal information beyond what is necessary in "Edit access" Ajax response	Mahara 19.04	High	Fix Released
1863043	Don't display personal information beyond what is necessary in "Edit access" Ajax response	Mahara 18.10	High	Fix Released
1863043	Don't display personal information beyond what is necessary in "Edit access" Ajax response	Mahara 19.10	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-9282

References