Forums | Mahara Community
Security Announcements
Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3
03 October 2013, 22:49
Category: Access Control
Severity: High
Versions affected: <1.5.12, <1.6.7, <1.7.3
Reported by: Tom, Aaron Wells
Bug reports: 1211758, 1233500
CVE references: CVE-2013-4429, CVE-2013-4431
Access control vulnerabilities were reported which allow a logged-in attacker to access and manipulate other users' Artefacts and Blocks. These vulnerabilities have been fixed by the Mahara core developers.
As these vulnerabilities affect the privacy and data integrity of all Mahara users, we strongly recommend that all Mahara administrators upgrade to the latest version: 1.5.12, 1.6.7, or 1.7.3.
Download links for fixed versions:
- https://launchpad.net/mahara/1.5/1.5.12
- https://launchpad.net/mahara/1.6/1.6.7
- https://launchpad.net/mahara/1.7/1.7.3
(Update was for adding CVE numbers)
Edits to this post:
- Kristina Hoeppner - 10 November 2014, 8:11