Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2
03 April 2014, 15:35
Suspended users can log in via the "reset password" link
Category: Access control
Severity:
Versions affected: <1.6.9, <1.7.5, <1.8.2
Reported by: Aaron Wells
Bug reports: https://bugs.launchpad.net/mahara/+bug/1284876
CVE reference: CVE-2014-8697
As these vulnerabilities affect the privacy and data integrity of Mahara users, we strongly recommend that all Mahara administrators upgrade to the latest version: 1.6.9, 1.7.5, or 1.8.2.
Download links for fixed versions:
- https://launchpad.net/mahara/+milestone/1.6.9
- https://launchpad.net/mahara/+milestone/1.7.5
- https://launchpad.net/mahara/+milestone/1.8.2
[Update from Kristina was to add CVE reference]
Edits to this post:
- Kristina Hoeppner - 24 November 2014, 13:25