Mahara

Overview
Code
Bugs
Blueprints
Translations
Answers

Series 17.10
Bug #1817221
Comment #1

Comment 1 for bug 1817221

Revision history for this message

Kristina Hoeppner (kris-hoeppner) wrote on 2019-03-12:

Note for the forum announcement:

Disable logins for everyone when root user is suspended

Severity: Medium
Vulnerability type: Insecure permissions

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.

Reported by Robert Lyon (Catalyst)
Bug report: https://bugs.launchpad.net/mahara/+bug/1817221
CVE reference: CVE-2019-9708

Link CVE number to https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9708