Vulnerability type: Incorrect access control
Attack type: Remote
Impact: Information disclosure
Affected components: Folder names in the 'Files' area in Mahara.
Suggested description: In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the 'Files' area could be seen by a person not owning the folders. Files and file names themselves were not affected and were not disclosed.
For the security forum announcement (missing CVE number at present):
Able to see name of another account holder's folder /bugs.launchpad .net/mahara/ +bug/1952808
https:/
Vulnerability type: Incorrect access control
Attack type: Remote
Impact: Information disclosure
Affected components: Folder names in the 'Files' area in Mahara.
Suggested description: In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the 'Files' area could be seen by a person not owning the folders. Files and file names themselves were not affected and were not disclosed.
Reported by: Robert Lyon /bugs.launchpad .net/mahara/ +bug/1952808
Bug report: https:/
CVE reference: TBC