Mahara

Only allow images to be served by thumb.php

  1. Series 22.10
  2. Bug #1978520
Bug #1978520 reported by Kristina Hoeppner
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
21.04
Fix Released
Critical
Unassigned
Mahara 21.04.6
21.10
Fix Released
Critical
Unassigned
Mahara 21.10.4
22.04
Fix Released
Critical
Unassigned
Mahara 22.04.2
22.10
Fix Released
Critical
Robert Lyon
Mahara 22.10.0

Bug Description

Files are accessible and can be enumerated by their ID via thumb.php and a particular option.

CVE References

Kristina Hoeppner (kris-hoeppner)
information type: Public → Public Security
information type: Public Security → Private Security
Kristina Hoeppner (kris-hoeppner)
summary: - Files are accessible publicly through thumb.php
+ Only allow images to be served by thumb.php
Kristina Hoeppner (kris-hoeppner)
information type: Private Security → Public Security
Kristina Hoeppner (kris-hoeppner)
no longer affects: mahara
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.