Mahara

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1863043
Comment #5

Comment 5 for bug 1863043

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2020-03-04:

To be posted in the security forum:

Information disclosure on the "Edit access" page

Severity: High
Vulnerability type: Information disclosure

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.

Reported by: Kristina Hoeppner and Robert Lyon (Catalyst IT)
Bug report: https://bugs.launchpad.net/mahara/+bug/1863043
CVE reference: CVE-2020-9282

Link CVE number above to https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-9282