Forums | Mahara Community
Security issues relating to CSRF <1.8.6, <1.9.4, <1.10.1
26 November 2014, 12:14
SSRF (Server-Side Request Forgery) is a vulnerability that allows
requests to be made from the context of the server. This could allow
an attacker to gain access to previously unknown data.
Category: CSRF
Severity: High
Versions affected: <1.8.6, <1.9.4, <1.10.1
Reported by: Hugh Davenport
Bug report: https://bugs.launchpad.net/mahara/+bug/1394820
CVE reference: CVE-2014-9088
-------------------------------------------------------------------------------------------------------------------
Cookie lacking "secure" flag for HTTPS sites
Category: CSRF
Severity: Low
Versions affected: <1.8.6, <1.9.4, <1.10.1
Reported by: Hammad Mahmood
Bug report: https://bugs.launchpad.net/mahara/+bug/1384009
CVE reference: CVE-2014-8693
[Update from Kristina was to add CVE number for the SSRF issue]
Edits to this post:
- Kristina Hoeppner - 27 November 2014, 20:57