Create portfolios

Using Mahara, students and staff create their personal learning stories by uploading evidence of activities they have participated in, and embedding publicly accessible content they have previously put online. They can write reflections on their experiences that frame this evidence, map it to competencies or registration requirements, and provide necessary context.

Mahara can be used for many different portfolio purposes, such as study, professional development, work-integrated learning, assessment, showcase and presentation, and employability.

Engage with others

Mahara makes it easy to comment and give feedback. Portfolios can also be submitted to learning management systems via LTI (Learning Tools Interoperability) for marking.

Groups in Mahara allow people to create portfolios collaboratively and engage in forum discussions.

Mahara Community

Forums | Mahara Community

Security Announcements /
Security issue relating to incorrect access control in Elasticsearch results <18.10.5, <19.04.4, <19.10.2

This topic is closed. Only moderators and the group administrators can post new replies.

Kristina Hoeppner

Posts: 4863

04 March 2020, 18:38

Vulnerability type: Incorrect access control
Impact: Information disclosure
Affected: Elasticsearch implementation in Mahara

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that information any more.

Reference: Launchpad bug 1840201
Credit: Lisa Seeto and Robert Lyon (Catalyst IT)
CVE reference: CVE-2020-9386

Get the latest releases from our Git repository. You can also download them from Launchpad:

Edits to this post:

Kristina Hoeppner - 07 March 2020, 17:51

1 result

Portfolios for your learning community

Create portfolios

Engage with others

Listen to portfolio stories

Forums | Mahara Community

Security Announcements /
Security issue relating to incorrect access control in Elasticsearch results <18.10.5, <19.04.4, <19.10.2

Edits to this post:

Subscribe to our monthly newsletter

Portfolios for your learning community

Create portfolios

Share work

Engage with others

Listen to portfolio stories

Forums | Mahara Community

Security Announcements / Security issue relating to incorrect access control in Elasticsearch results <18.10.5, <19.04.4, <19.10.2

Edits to this post:

Subscribe to our monthly newsletter

Security Announcements /
Security issue relating to incorrect access control in Elasticsearch results <18.10.5, <19.04.4, <19.10.2