Vulnerability type: CSRF
Attack type: Physical?
Impact: Information disclosure, other
Affected components: Tokens generated with a non-cryptographic random source are too easily guessable. They should be generated in a cryptographically secure way. The current function to generate random keys is not random enough.
Suggested description: Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
Related to https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-29349 but is specifically looking at the random token generator
Reported by: Catalyst IT
Bug report: https://bugs.launchpad.net/mahara/+bug/1930171
CVE reference: CVE-2022-28892 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28892
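
The fix direction described under "Affected components", as an added example that is not Mahara's code and not part of the original report: a token built on a non-cryptographic PRNG beside one drawn from the operating system CSPRNG, with a constant-time check. All function names and the session array are hypothetical, and the weak function shows a generic `mt_rand()` pattern, not Mahara's actual generator.

```php
<?php
declare(strict_types=1);

// Weak pattern (illustrative, hypothetical): mt_rand() is a seeded,
// non-cryptographic PRNG, so its output is unsuitable for security tokens.
function weak_token(int $length = 16): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $token;
}

// Hardened: 32 bytes (256 bits) from the operating system CSPRNG.
// random_bytes() throws if no secure source is available, so it fails closed.
function secure_token(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Issue one token per session and keep the reference copy server-side.
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = secure_token();
    }
    return $session['csrf_token'];
}

// Validate a submitted token; hash_equals() compares in constant time,
// and missing, empty or non-string input is rejected outright.
function check_csrf_token(array $session, $submitted): bool
{
    $expected = $session['csrf_token'] ?? '';
    return is_string($submitted)
        && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Constructed demo: an in-memory array stands in for $_SESSION.
$session = [];
$token = issue_csrf_token($session);
var_dump(check_csrf_token($session, $token));        // the issued token
var_dump(check_csrf_token($session, weak_token()));  // an unrelated value
var_dump(check_csrf_token($session, null));          // token missing
```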