Vulnerability type: Path traversal
Attack type: Local
Impact: Access escalation
Affected components: The help icon for 'page help'
Attack vectors: If a person alters the path to the page help file they can traverse to find other .html files outside the site's webroot and potentially find sensitive information.
Suggested description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, addjusting the path component for the page help file could cause seeing html files that you are not allowed to access.
For the security forum post:
Vulnerability type: Path traversal
Attack type: Local
Impact: Access escalation
Affected components: The help icon for 'page help'
Attack vectors: If a person alters the path to the page help file they can traverse to find other .html files outside the site's webroot and potentially find sensitive information.
Suggested description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, addjusting the path component for the page help file could cause seeing html files that you are not allowed to access.
Reported by: Dominic Couture /bugs.launchpad .net/mahara/ +bug/1944979
Bug report: https:/
CVE reference: TBC