Forums | Mahara Community

Security Announcements /
Security issue relating to insecure permissions <17.10.8; <18.04.4: <18.10.1


This topic is closed. Only moderators and the group administrators can post new replies.
Robert Lyon's profile picture
Posts: 462

30 April 2019, 7:24 PM

Disable logins for everyone when root user is suspended

Severity: Medium
Vulnerability type: Insecure permissions

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.

Reported by Robert Lyon (Catalyst)
Bug report: https://bugs.launchpad.net/mahara/+bug/1817221
CVE reference: CVE-2019-9708

Edits to this post:
1 result