Forums | Mahara Community
Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6
03 November 2011, 17:56
|Versions affected:||< 1.3.7, < 1.4.1|
|Reported by:||Mahara Team|
It has come to our attention that MNet offers Mahara administrators the ability to potentially escalate their privileges onto MNet peers by masquerading as other Mahara users before jumping to a remote site.
All Mahara sites which have MNet enabled are encouraged to upgrade to the latest version in addition to making sure that only a small number of trusted users have site administration rights.
Edits to this post:
- François Marier - 16 November 2011, 3:09