Privilege escalation in Mahara 1.1.6 and 1.0.12



29 October 2009, 5:31 PM

Category: Privilege escalation
Severity: Major
Versions affected: < 1.0.13, < 1.1.7
Reported by: Ruslan Kabalin of Lancaster University Network Services
Identifier: CVE-2009-3298

It has been discovered that in previous releases of Mahara, it was possible for an institution administrator to reset the password of the site administrator in certain cases.

Upgrading to Mahara 1.1.7 or 1.0.13 is strongly recommended for all sites using multiple institutions.
