Forums | Mahara Community

Security Announcements /
Security issue relating to access control <1.9.7, <1.10.5, <15.04.2

Aaron Wells's profile picture
Posts: 896

10 July 2015, 6:11 PM

The site-level setting to disallow anonymous comments was not honoured on artefact detail pages. A page owner could allow anonymous comments on their artefacts, even if the site administrators had chosen to forbid this.

Category: Access control
Severity: Medium
Versions affected: <1.9.7, <1.10.5, <15.04.2
Reported by: Wen-Chang Chien
Bug reports:
CVE reference: 2017-1000145

Edits to this post:
1 result