Comment 1 for bug 1952808

Kristina Hoeppner (kris-hoeppner) wrote:

For the security forum announcement (missing CVE number at present):

Able to see name of another account holder's folder
https://bugs.launchpad.net/mahara/+bug/1952808

Vulnerability type: Incorrect access control
Attack type: Remote
Impact: Information disclosure

Affected components: Folder names in the 'Files' area in Mahara.

Suggested description: In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the 'Files' area could be seen by a person not owning the folders. Files and file names themselves were not affected and were not disclosed.

Reported by: Robert Lyon
Bug report: https://bugs.launchpad.net/mahara/+bug/1952808
CVE reference: TBC