Launchpad CVE tracker

CVE 2022-28892

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.

Related bugs and status

CVE-2022-28892 (Candidate) is related to these bugs:

Bug #1930171: Strengthen the non-cryptographically random generated tokens

		In	Importance	Status
1930171	Strengthen the non-cryptographically random generated tokens	Mahara	High	Fix Released
1930171	Strengthen the non-cryptographically random generated tokens	Mahara 21.10	High	Fix Released
1930171	Strengthen the non-cryptographically random generated tokens	Mahara 20.10	High	Fix Released
1930171	Strengthen the non-cryptographically random generated tokens	Mahara 21.04	High	Fix Released
1930171	Strengthen the non-cryptographically random generated tokens	Mahara 22.04	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...
CONFIRM: https://mahara.org/int...

Launchpad.net

CVE 2022-28892

Related bugs and status

Related bugs

References