Forums | Mahara Community

Security Announcements /
Security issue relating to insecure permissions <17.10.8; <18.04.4: <18.10.1

This topic is closed. Only moderators and the group administrators can post new replies.
Robert Lyon's profile picture
Posts: 766

30 April 2019, 19:24

Disable logins for everyone when root user is suspended

Severity: Medium
Vulnerability type: Insecure permissions

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.

Reported by Robert Lyon (Catalyst)
Bug report:
CVE reference: CVE-2019-9708

Edits to this post:

1 result