Forums | Mahara Community

Security Announcements /
Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1


This topic is closed. Only moderators and the group administrators can post new replies.
Cecilia Vela's profile picture
Posts: 70

30 May 2018, 5:31 PM

Prevent a back and refresh attack through the web browser

Impact: Information disclosure

Description:
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.

Reported by Shekhar Suman
Bug report: https://bugs.launchpad.net/mahara/+bug/1770561
CVE reference: CVE-2018-11195

1 result