Forums | Mahara Community

Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2

Aaron Wells

03 April 2014, 15:35

Suspended users can log in via the "reset password" link

Category: Access control
Severity:
Versions affected: <1.6.9, <1.7.5, <1.8.2
Reported by: Aaron Wells
Bug reports:
CVE reference: CVE-2014-8697

As these vulnerabilities affect the privacy and data integrity of Mahara users, we strongly recommend that all Mahara administrators upgrade to the latest version: 1.6.9, 1.7.5, or 1.8.2.

Download links for fixed versions:

[Update from Kristina was to add CVE reference]
