Create portfolios

Using Mahara, students and staff create their personal learning stories by uploading evidence of activities they have participated in, and embedding publicly accessible content they have previously put online. They can write reflections on their experiences that frame this evidence, map it to competencies or registration requirements, and provide necessary context.

Mahara can be used for many different portfolio purposes, such as study, professional development, work-integrated learning, assessment, showcase and presentation, and employability.

Engage with others

Mahara makes it easy to comment and give feedback. Portfolios can also be submitted to learning management systems via LTI (Learning Tools Interoperability) for marking.

Groups in Mahara allow people to create portfolios collaboratively and engage in forum discussions.

Mahara Community

Forums | Mahara Community

Security Announcements /
Private group, site, or institution portfolios can be accessed by the URL without logging in by going to the URL in Mahara before 21.10.1 and 21.04.3

This topic is closed. Only moderators and the group administrators can post new replies.

Doris ⚡

Posts: 99

09 February 2022, 17:26

Vulnerability type: Incorrect access control
Attack type: Remote
Impact: Information disclosure
Affected components: Portfolios created in groups, on the institution, and the site level that have not been shared.
Description: In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.
Reported by: Doris Tam
Bug report: Launchpad 1959146
CVE reference: CVE-2022-24111

1 result

Portfolios for your learning community

Create portfolios

Engage with others

Listen to portfolio stories

Forums | Mahara Community

Security Announcements /
Private group, site, or institution portfolios can be accessed by the URL without logging in by going to the URL in Mahara before 21.10.1 and 21.04.3

Subscribe to our monthly newsletter

Portfolios for your learning community

Create portfolios

Share work

Engage with others

Listen to portfolio stories

Forums | Mahara Community

Security Announcements / Private group, site, or institution portfolios can be accessed by the URL without logging in by going to the URL in Mahara before 21.10.1 and 21.04.3

Subscribe to our monthly newsletter

Security Announcements /
Private group, site, or institution portfolios can be accessed by the URL without logging in by going to the URL in Mahara before 21.10.1 and 21.04.3