Forums | Mahara Community

Security Announcements /
Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1


This topic is closed. Only moderators and the group administrators can post new replies.
Cecilia Vela's profile picture
Posts: 110

30 May 2018, 17:36

Prevent disclosing usernames that are taken explicitly

Impact: Information disclosure

Description:
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning which usernames are already taken.

Reported by Steven Spinelli
Bug report: https://bugs.launchpad.net/mahara/+bug/1772774
CVE reference: CVE-2018-11565

Edits to this post:
1 result