Create portfolios

Using Mahara, students and staff create their personal learning stories by uploading evidence of activities they have participated in, and embedding publicly accessible content they have previously put online. They can write reflections on their experiences that frame this evidence, map it to competencies or registration requirements, and provide necessary context.

Mahara can be used for many different portfolio purposes, such as study, professional development, work-integrated learning, assessment, showcase and presentation, and employability.

Engage with others

Mahara makes it easy to comment and give feedback. Portfolios can also be submitted to learning management systems via LTI (Learning Tools Interoperability) for marking.

Groups in Mahara allow people to create portfolios collaboratively and engage in forum discussions.

Mahara Community

Forums | Mahara Community

Security Announcements /
Accessing page help causing path traversal in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0

This topic is closed. Only moderators and the group administrators can post new replies.

Robert Lyon

Posts: 756

29 October 2021, 17:06

Vulnerability type: Path traversal
Attack type: Local
Impact: Access escalation

Affected components: The help icon for 'page help'
Attack vectors: If a person alters the path to the page help file they can traverse to find other .html files outside the site's webroot and potentially find sensitive information.

Description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, addjusting the path component for the page help file could cause seeing html files that you are not allowed to access.

Reported by: Dominic Couture
Bug report: https://bugs.launchpad.net/mahara/+bug/1944979
CVE reference: CVE-2021-43264

Edits to this post:

Kristina Hoeppner - 04 November 2021, 15:36

1 result

Portfolios for your learning community

Create portfolios

Engage with others

Listen to portfolio stories

Forums | Mahara Community

Security Announcements /
Accessing page help causing path traversal in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0

Edits to this post:

Subscribe to our monthly newsletter

Portfolios for your learning community

Create portfolios

Share work

Engage with others

Listen to portfolio stories

Forums | Mahara Community

Security Announcements / Accessing page help causing path traversal in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0

Edits to this post:

Subscribe to our monthly newsletter

Security Announcements /
Accessing page help causing path traversal in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0