Mahara ePortfolio System

Click Jacking Vulnerability

09 October 2012, 11:19 PM

Category: Click-Jacking
Severity: High
Versions affected: < 1.4.5, < 1.5.4
Reported by: Ajay Singh Negi
Identifier: CVE-2012-2246
Bug report: https://bugs.launchpad.net/mahara/+bug/1057240

As part of the now-ended Mahara Security Bug Bounty Program, a critical cross-site scripting vulnerability was discovered. The vulnerability has been fixed by the Mahara core developers.

Upgrading to Mahara 1.4.5 or 1.5.4 is strongly recommended. Note that some older browsers will still be affected by this vulnerability after the upgrade. Upgrading your users' browsers is also strongly recommended.

Download links for fixed versions:
    https://launchpad.net/mahara/+milestone/1.4.5 
    https://launchpad.net/mahara/+milestone/1.5.4