Forums | Mahara Community

Security Announcements /
Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1

This topic is closed. Only moderators and the group administrators can post new replies.
Cecilia Vela's profile picture
Posts: 110

30 May 2018, 17:36

Prevent disclosing usernames that are taken explicitly

Impact: Information disclosure

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning which usernames are already taken.

Reported by Steven Spinelli
Bug report:
CVE reference: CVE-2018-11565

Edits to this post:

1 result