Forums | Mahara Community

Security Announcements /
Security issue relating to information disclosure <18.10.5, <19.04.4, <19.10.2

This topic is closed. Only moderators and the group administrators can post new replies.
Kristina Hoeppner's profile picture
Posts: 4404

04 March 2020, 18:47

Vulnerability type: Information disclosure; account on the system required
Severity: High

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.

Reported by: Kristina Hoeppner and Robert Lyon (Catalyst IT)
Bug report: Launchpad bug 1863043
CVE reference: CVE-2020-9282

Get the latest releases from our Git repository. You can also download them from Launchpad:

1 result