Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-43264

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.

Related bugs and status

CVE-2021-43264 (Candidate) is related to these bugs:

Bug #1944979: Path traversal leads to unauthenticated HTML file disclosure

		In	Importance	Status
1944979	Path traversal leads to unauthenticated HTML file disclosure	Mahara	High	Fix Released
1944979	Path traversal leads to unauthenticated HTML file disclosure	Mahara 20.10	High	Fix Released
1944979	Path traversal leads to unauthenticated HTML file disclosure	Mahara 20.04	High	Fix Released
1944979	Path traversal leads to unauthenticated HTML file disclosure	Mahara 21.04	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...
MISC: https://mahara.org/int...