Forums | Mahara Community

Security Announcements /
Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6


This topic is closed. Only moderators and the group administrators can post new replies.
François Marier's profile picture
Posts: 411

03 November 2011, 17:56

Category: Privilege Escalation
Severity: Low
Versions affected: < 1.3.7, < 1.4.1
Reported by: Mahara Team
Identifier: CVE-2011-4118
Bug report: 884223

It has come to our attention that MNet offers Mahara administrators the ability to potentially escalate their privileges onto MNet peers by masquerading as other Mahara users before jumping to a remote site.

All Mahara sites which have MNet enabled are encouraged to upgrade to the latest version in addition to making sure that only a small number of trusted users have site administration rights.

Edits to this post:
1 result