Activity log for bug #1480329
| Date | Who | What changed | Old value | New value | Message |
|---|---|---|---|---|---|
| 2015-07-31 14:30:01 | abdullah | bug | added bug | ||
| 2015-08-05 04:42:06 | Aaron Wells | mahara: importance | Undecided | High | |
| 2015-08-05 04:42:08 | Aaron Wells | mahara: assignee | Aaron Wells (u-aaronw) | ||
| 2015-08-05 04:42:13 | Aaron Wells | mahara: milestone | 15.10.0 | ||
| 2015-08-05 04:42:16 | Aaron Wells | mahara: status | New | In Progress | |
| 2015-08-05 04:42:24 | Aaron Wells | nominated for series | mahara/15.04 | ||
| 2015-08-05 04:42:24 | Aaron Wells | bug task added | mahara/15.04 | ||
| 2015-08-05 04:42:24 | Aaron Wells | nominated for series | mahara/1.10 | ||
| 2015-08-05 04:42:24 | Aaron Wells | bug task added | mahara/1.10 | ||
| 2015-08-05 04:42:24 | Aaron Wells | nominated for series | mahara/15.10 | ||
| 2015-08-05 04:42:24 | Aaron Wells | bug task added | mahara/15.10 | ||
| 2015-08-05 04:42:24 | Aaron Wells | nominated for series | mahara/1.9 | ||
| 2015-08-05 04:42:24 | Aaron Wells | bug task added | mahara/1.9 | ||
| 2015-08-05 04:42:31 | Aaron Wells | mahara/15.04: milestone | 15.04.3 | ||
| 2015-08-05 04:42:35 | Aaron Wells | mahara/1.9: milestone | 1.9.8 | ||
| 2015-08-05 04:42:39 | Aaron Wells | mahara/1.10: milestone | 1.10.6 | ||
| 2015-08-05 04:42:41 | Aaron Wells | mahara/15.04: importance | Undecided | High | |
| 2015-08-05 04:42:44 | Aaron Wells | mahara/1.9: importance | Undecided | High | |
| 2015-08-05 04:42:47 | Aaron Wells | mahara/1.10: importance | Undecided | High | |
| 2015-08-05 04:42:50 | Aaron Wells | mahara/15.04: status | New | In Progress | |
| 2015-08-05 04:42:53 | Aaron Wells | mahara/1.9: status | New | In Progress | |
| 2015-08-05 04:42:57 | Aaron Wells | mahara/1.10: status | New | In Progress | |
| 2015-08-05 16:42:45 | Kristina Hoeppner | summary | CSRF bug | Session key is not checked during file upload | |
| 2015-08-19 03:56:00 | Robert Lyon | mahara/1.10: status | In Progress | Fix Committed | |
| 2015-08-19 03:56:03 | Robert Lyon | mahara/1.9: status | In Progress | Fix Committed | |
| 2015-08-19 03:56:04 | Robert Lyon | mahara/15.04: status | In Progress | Fix Committed | |
| 2015-08-19 03:56:05 | Robert Lyon | mahara/15.10: status | In Progress | Fix Committed | |
| 2015-08-19 04:57:30 | Aaron Wells | information type | Private Security | Public Security | |
| 2015-08-19 04:57:37 | Aaron Wells | mahara/1.10: status | Fix Committed | Fix Released | |
| 2015-08-19 04:58:45 | Robert Lyon | mahara/15.04: status | Fix Committed | Fix Released | |
| 2015-08-19 08:53:17 | Kristina Hoeppner | mahara/1.9: status | Fix Committed | Fix Released | |
| 2015-10-23 03:28:00 | Aaron Wells | mahara/15.10: status | Fix Committed | Fix Released | |
| 2017-06-28 04:38:22 | Herson Cruz | description | Hi this is Abdullah , I found CSRF make user upload files to any group without his know it can be used to attack admins to upload evil files . PoC : video http://www.youtube.com/watch?v=M-NyrwKBzmw&feature=youtu.be the fix : check sesskey is valid in (groupfiles.php) I hope put my name in release note . Are there a CVE for this bug ? Thanks Used mahara least version | Hi this is Abdullah , I found CSRF make user upload files to any group without his know it can be used to attack admins to upload evil files . PoC : video http://www.youtube.com/watch?v=M-NyrwKBzmw&feature=youtu.be the fix : check sesskey is valid in (groupfiles.php) I hope put my name in release note . Are there a CVE for this bug ? Thanks Used mahara least version | |
| 2017-11-07 03:36:14 | Kristina Hoeppner | cve linked | 2017-1000147 |
