Forums | Mahara Community
Web services token vulnerability in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0
29 October 2021, 16:52
Vulnerability type: Insecure permissions
Attack type: Remote
Impact: Information disclosure, escalation of privileges
Affected components: A token-based web service authenticates the owner of the token so that functions called through the web service are only executed if the authenticated token owner is allowed to run them. However, the session created for this token is not ended when the web service call throws an error. As a result, requesting a crafted URL that contains a valid token but no web service function produces an error message page, and a subsequent visit to the site's homepage is served as the token owner, i.e. logged in to that account.
Description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure at minimum and often escalation of privileges.
Reported by: Catalyst IT
Bug report: https://bugs.launchpad.net/mahara/+bug/1930469
CVE reference: CVE-2021-40849
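The flaw class described above is a session-lifecycle bug on the error path: the token authenticates (and logs in) its owner before the request is validated, and the cleanup step is skipped when dispatch fails. The following is an added illustration of that pattern and its fix, written here in Python; it is not Mahara's code, and the `wstoken`/`wsfunction` parameter names, the `TOKENS`/`FUNCTIONS` tables and the `SessionStore` class are constructed for the example.

```python
class WebServiceError(Exception):
    """Raised for any request the web service refuses."""


# Constructed sample data: token -> account that owns it.
TOKENS = {"tok-alice-ws": "alice"}

# Constructed set of functions a token owner may call through the web service.
FUNCTIONS = {"get_profile": lambda user: f"profile of {user}"}


class SessionStore:
    """Minimal stand-in for a server-side session shared with the normal web UI."""

    def __init__(self):
        self.user = None  # None means no one is logged in

    def login(self, user):
        self.user = user

    def logout(self):
        self.user = None


def handle_request_vulnerable(session, params):
    """Logs the token owner in, then dispatches. If the lookup of the function
    name fails, the exception propagates and logout() is never reached, so the
    shared session stays logged in as the token owner."""
    owner = TOKENS.get(params.get("wstoken"))
    if owner is None:
        raise WebServiceError("invalid token")
    session.login(owner)
    fn = FUNCTIONS[params["wsfunction"]]  # KeyError when wsfunction is missing
    result = fn(owner)
    session.logout()  # skipped on the error path above
    return result


def handle_request_fixed(session, params):
    """Same flow, hardened: validate the function before any login side effect,
    and tear the session down on every exit path."""
    owner = TOKENS.get(params.get("wstoken"))
    if owner is None:
        raise WebServiceError("invalid token")
    fn = FUNCTIONS.get(params.get("wsfunction"))
    if fn is None:
        raise WebServiceError("unknown or missing wsfunction")
    session.login(owner)
    try:
        return fn(owner)
    finally:
        session.logout()


def residual_login(handler):
    """Return the user still logged in after a token-only request (no wsfunction)."""
    session = SessionStore()
    try:
        handler(session, {"wstoken": "tok-alice-ws"})
    except (WebServiceError, KeyError):
        pass  # the caller would see an error page here
    return session.user
```

`residual_login(handle_request_vulnerable)` returns `"alice"`, showing the leftover login that a later homepage request would inherit, while the fixed handler leaves the session empty.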