Forums | Mahara Community

Forums /
Security Announcements


Subscribe to this forum to be notified about security fixes.

Topic Posts Last post

Closed Accessing page help causing path traversal in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

Vulnerability type: Path traversal
1 29 October 2021, 17:06

by Robert Lyon

Closed Tag syntax could cause code execution in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

 
1 29 October 2021, 17:03

by Robert Lyon

Closed PDF export cause code execution in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

Vulnerability type: Code execution
1 29 October 2021, 17:02

by Robert Lyon

Closed Security issue with PHPMailer in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

A security issues has been resolved for an exte...
1 29 October 2021, 16:59

by Robert Lyon

Closed Exported CSV files could contain bad character syntax in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

Vulnerability type: Other (CSV Injection)
1 29 October 2021, 16:54

by Robert Lyon

Closed Web services token vulnerablity in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, by Robert Lyon



1 29 October 2021, 16:52

by Robert Lyon

Closed Security issue relating to SimpleSAML PHP <20.04.4 <20.10.2 <21.04.1 by Lisa Seeto

Fix a security bug where in rare cases the data...
1 21 May 2021, 15:33

by Lisa Seeto

Closed Security issue relating to the SimpleSamlPhp <19.10.6, <20.04.3, <20.10.1 by Robert Lyon

A potential security issue has been resolved fo...
1 05 May 2021, 10:26

by Robert Lyon

Closed Security issue relating to the PHPMailer <19.10.6, <20.04.3, <20.10.1 by Robert Lyon

A security issues has been resolved for externa...
1 04 May 2021, 17:06

by Robert Lyon

Closed Security issue relating to jQuery in Mahara <19.04.7, <19.10.5, <20.04.2 by Kristina Hoeppner

Hello,
1 22 October 2020, 22:51

by Kristina Hoeppner

Closed Security issue relating to the file browser <19.04.6, <19.10.4, <20.04.1 by Robert Lyon

Avoid file or folder names containing JavaScrip...
1 04 August 2020, 16:13

by Robert Lyon

Closed Security issue relating to the third-party library SimpleSAMLPHP <19.04.6, <19.10.4, <20.04.1 by Robert Lyon

One security issue has been resolved for Simple...
1 04 August 2020, 16:10

by Robert Lyon

Closed Security issue relating to the Elasticsearch results and Isolated institutions <18.10.6, <19.04.5, <19.10.3 by Robert Lyon

Vulnerability type: Incorrect access control
1 30 April 2020, 12:26

by Robert Lyon

Closed Security issue relating to the third-party library SimpleSAMLPHP <18.10.5, <19.04.4, <19.10.2 by Kristina Hoeppner

Two security issues have been resolved for Simp...
1 04 March 2020, 18:51

by Kristina Hoeppner

Closed Security issue relating to information disclosure <18.10.5, <19.04.4, <19.10.2 by Kristina Hoeppner

Vulnerability type: Information disclosure; acc...
1 04 March 2020, 18:47

by Kristina Hoeppner

Closed Security issue relating to incorrect access control in Elasticsearch results <18.10.5, <19.04.4, <19.10.2 by Kristina Hoeppner

Vulnerability type: Incorrect access control
1 04 March 2020, 18:38

by Kristina Hoeppner

Closed Security issue relating to third party library security upgrade <18.10.4 <19.04.3 <19.10.1 by Cecilia Vela

The minor point releases 19.10.1, 19.04.3 and 1...
1 12 November 2019, 15:55

by Cecilia Vela

Closed Security issue relating to third party libraries security upgrades <18.04.6 <18.10.3 <19.04.2 by Cecilia Vela

The minor point releases 19.04.2, 18.10.3 and 1...
1 01 November 2019, 14:23

by Cecilia Vela

Closed Security issue relating to Cross Site Scripting (XSS) <17.10.8; <18.04.4: <18.10.1 by Robert Lyon



1 30 April 2019, 19:26

by Robert Lyon

Closed Security issue relating to insecure permissions <17.10.8; <18.04.4: <18.10.1 by Robert Lyon

Disable logins for everyone when root user is s...
1 30 April 2019, 19:24

by Robert Lyon

Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Prevent disclosing usernames that are taken exp...
1 30 May 2018, 17:36

by Cecilia Vela

Closed Security issue relating to the upload of a virus-infected file <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Virus scanner does not check Leap2A zip files
1 30 May 2018, 17:35

by Cecilia Vela

Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Prevent a back and refresh attack through the w...
1 30 May 2018, 17:31

by Cecilia Vela

Closed Security issue relating to cross-site scripting <16.10.9; <17.04.7; <17.10.4 by Robert Lyon

Avoid relying on TinyMCE code stripping alone
1 06 April 2018, 11:32

by Robert Lyon

Closed Security issue relating to disclosing information <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Have page forgotpass.php use captcha field (if ...
1 17 January 2018, 17:23

by Robert Lyon

111 topics