Forums | Mahara Community

Security Announcements /
Incorrect access control in Mahara before 21.04.7, 21.10.5, 22.04.3, and 22.10.0


This topic is closed. Only moderators and the group administrators can post new replies.
Kristina Hoeppner's profile picture
Posts: 4859

01 November 2022, 18:00

Vulnerability type: Incorrect access control
Attack type: Remote
Impact: Code execution

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 are vulnerable to the PDF export potentially triggering a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with ghostscript.

Reported by: Fergus Whyte (Catalyst IT)
Bug report
CVE reference: CVE-2022-44544

1 result