Forums | Mahara Community

Security Announcements /
Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3


This topic is closed. Only moderators and the group administrators can post new replies.
Aaron Wells's profile picture
Posts: 896

03 October 2013, 22:49

Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3

Category:     Access Control
Severity:     High
Versions affected:  <1.5.12, <1.6.7, <1.7.3
Reported by:     Tom, Aaron Wells
Bug reports: 1211758, 1233500
CVE references: CVE-2013-4429, CVE-2013-4431

Access control vulnerabilities were reported which allow a logged-in attacker to access and manipulate other users' Artefacts and Blocks. These vulnerabilities have been fixed by the Mahara core developers.

As these vulnerabilities affect the privacy and data integrity of all Mahara users, we strongly recommend that all Mahara administrators upgrade to the latest version: 1.5.12, 1.6.7, or 1.7.3.

Download links for fixed versions:

(Update was for adding CVE numbers)

Edits to this post:
1 result