Disable logins for everyone when root user is suspended
Severity: Medium
Vulnerability type: Insecure permissions
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
Note for the forum announcement:
Disable logins for everyone when root user is suspended
Severity: Medium
Vulnerability type: Insecure permissions
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
Reported by Robert Lyon (Catalyst) /bugs.launchpad .net/mahara/ +bug/1817221
Bug report: https:/
CVE reference: CVE-2019-9708
Link CVE number to https:/ /cve.mitre. org/cgi- bin/cvename. cgi?name= 2019-9708