Forums | Mahara Community

Security issue relating to Access control and session cookies <15.04.15, <16.04.9, <16.10.6, <17.04.4

Robert Lyon

30 October 2017, 14:34

Old session cookies can be used to access an account under certain conditions.

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user account being accessed with old session cookies if they closed the browser rather than logging out.

Reported by Mushraf Mustafa
Bug report:
CVE: CVE-2017-14163
