Using Mahara, students and staff create their personal learning stories by uploading evidence of activities they have participated in, and embedding publicly accessible content they have previously put online. They can write reflections on their experiences that frame this evidence, map it to competencies or registration requirements, and provide necessary context.
Mahara can be used for many different portfolio purposes, such as study, professional development, work-integrated learning, assessment, showcase and presentation, and employability.
Mahara allows portfolios to be shared flexibly with one person, a specific group of people, or the entire world. Access can be further restricted to a particular time frame or just within an assessment task.
Mahara makes it easy to comment and give feedback. Portfolios can also be submitted to learning management systems via LTI (Learning Tools Interoperability) for marking.
Groups in Mahara allow people to create portfolios collaboratively and engage in forum discussions.
In our podcast 'Create. Share. Engage.' portfolio practitioners, researchers, learning designers, and portfolio authors share their journey. Learn how they navigate the many different facets of portfolios in general, and Mahara specifically.
Do you want to stay updated on the latest news from Mahara and wider portfolio community? Subscribe to the monthly Mahara newsletter from Catalyst, the maintainers of Mahara.
Related to CVE 2021-29349 but is specifically looking at the random token generator
Vulnerability type: CSRF
Attack type: Physical
Impact: Information disclosure, other
Affected components: Non-cryptographically random generated tokens are too easily guessable. They should be rendered in a cryptographical way. The current function to generate random keys is not random enough.
Suggested description: Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
Reported by: Catalyst IT
Bug report
CVE reference: CVE-2022-28892