Mahara Community - Security Announcements

Mahara Community

Forums /
Security Announcements

Subscribe to this forum to be notified about security fixes.

Topic	Posts	Last post
Closed Security issue relating to the third-party library SimpleSAMLPHP <18.10.5, <19.04.4, <19.10.2 by Kristina Hoeppner Two security issues have been resolved for Simp...	1	04 March 2020, 6:51 PM by Kristina Hoeppner
Closed Security issue relating to information disclosure <18.10.5, <19.04.4, <19.10.2 by Kristina Hoeppner Vulnerability type: Information disclosure; acc...	1	04 March 2020, 6:47 PM by Kristina Hoeppner
Closed Security issue relating to incorrect access control in Elasticsearch results <18.10.5, <19.04.4, <19.10.2 by Kristina Hoeppner Vulnerability type: Incorrect access control	1	04 March 2020, 6:38 PM by Kristina Hoeppner
Closed Security issue relating to third party library security upgrade <18.10.4 <19.04.3 <19.10.1 by Cecilia Vela The minor point releases 19.10.1, 19.04.3 and 1...	1	12 November 2019, 3:55 PM by Cecilia Vela
Closed Security issue relating to third party libraries security upgrades <18.04.6 <18.10.3 <19.04.2 by Cecilia Vela The minor point releases 19.04.2, 18.10.3 and 1...	1	01 November 2019, 2:23 PM by Cecilia Vela
Closed Security issue relating to Cross Site Scripting (XSS) <17.10.8; <18.04.4: <18.10.1 by Robert Lyon	1	30 April 2019, 7:26 PM by Robert Lyon
Closed Security issue relating to insecure permissions <17.10.8; <18.04.4: <18.10.1 by Robert Lyon Disable logins for everyone when root user is s...	1	30 April 2019, 7:24 PM by Robert Lyon
Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela Prevent disclosing usernames that are taken exp...	1	30 May 2018, 5:36 PM by Cecilia Vela
Closed Security issue relating to the upload of a virus-infected file <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela Virus scanner does not check Leap2A zip files	1	30 May 2018, 5:35 PM by Cecilia Vela
Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela Prevent a back and refresh attack through the w...	1	30 May 2018, 5:31 PM by Cecilia Vela
Closed Security issue relating to cross-site scripting <16.10.9; <17.04.7; <17.10.4 by Robert Lyon Avoid relying on TinyMCE code stripping alone	1	06 April 2018, 11:32 AM by Robert Lyon
Closed Security issue relating to disclosing information <16.10.7; <17.04.5; <17.10.2 by Robert Lyon Have page forgotpass.php use captcha field (if ...	1	17 January 2018, 5:23 PM by Robert Lyon
Closed Security issue relating to incorrect redirect <16.10.7; <17.04.5; <17.10.2 by Robert Lyon Needing the HTTP Strict Transport Security (HST...	1	17 January 2018, 5:14 PM by Robert Lyon
Closed Security issue relating to cross-site scripting <16.10.7; <17.04.5; <17.10.2 by Robert Lyon Fix user input from direct POST / GET usage	1	17 January 2018, 5:09 PM by Robert Lyon
Closed Security issue relating to XSS and saving of display name <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon Don't allow saving of firstname, lastname, and ...	1	30 October 2017, 2:35 PM by Robert Lyon
Closed Security issue relating to Access control and session cookies <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon Old session cookies can be used to access an ac...	1	30 October 2017, 2:34 PM by Robert Lyon
Closed Security issue relating to cross-site scripting <15.04.15; <16.04.9; <16.10.6; <17.04.4 by Robert Lyon User's displayed title is not escaped for inter...	1	30 October 2017, 2:27 PM by Robert Lyon
Security issue relating to cross-site scripting <15.04.14; <16.04.8; <16.10.5; <17.04.3 by Kristina Hoeppner Mahara 15.04 before 15.04.14 and 16.04 before 1...	1	11 September 2017, 12:02 PM by Kristina Hoeppner
Security issue logging passwords during full event logging <17.04.2, <16.10.4, <16.04.7, <15.04.13 by Robert Lyon Recording plain text passwords in event_log tab...	1	25 May 2017, 7:11 PM by Robert Lyon
Security issue relating to logging of passwords from Mahara Mobile by Kristina Hoeppner Hello,	2	12 February 2017, 4:55 PM by Kristina Hoeppner
Security issue relating to a remote code execution vulnerability in PHPMailer <15.04.11, <15.10.7, <16.04.5, <16.10.2 by Kristina Hoeppner From PHPMailer: All addresses used by PHPMailer...	1	29 December 2016, 11:39 PM by Kristina Hoeppner
Closed Security issue relating to Access control and password reset link <15.04.10, <15.10.6, <16.04.4 by Robert Lyon After the password reset link is sent via email...	1	25 October 2016, 8:39 PM by Robert Lyon
Security issue relating to access control in Mahara groups <15.04.9, <15.10.5, <16.04.3 by Aaron Wells Access to a group's configuration page is meant...	1	08 August 2016, 5:44 PM by Aaron Wells
Security issue relating to passwords <15.04.9, <15.10.5, <16.04.3 by Aaron Wells Under some error logging settings, Mahara print...	1	08 August 2016, 5:40 PM by Aaron Wells
Security issue relating to Access control and profile pictures <15.04.8, <15.10.4, <16.04.2 by Aaron Wells When a profile picture is accessed directly by ...	1	11 July 2016, 5:13 PM by Aaron Wells

98 topics

«Previous page
1
2
3
4
»Next page

Group administrators:

Robert Lyon

Cecilia Vela

Kristina Hoeppner

Forums | Mahara Community

Forums / Security Announcements

Closed Security issue relating to the third-party library SimpleSAMLPHP <18.10.5, <19.04.4, <19.10.2 by Kristina Hoeppner

Closed Security issue relating to information disclosure <18.10.5, <19.04.4, <19.10.2 by Kristina Hoeppner

Closed Security issue relating to incorrect access control in Elasticsearch results <18.10.5, <19.04.4, <19.10.2 by Kristina Hoeppner

Closed Security issue relating to third party library security upgrade <18.10.4 <19.04.3 <19.10.1 by Cecilia Vela

Closed Security issue relating to third party libraries security upgrades <18.04.6 <18.10.3 <19.04.2 by Cecilia Vela

Closed Security issue relating to Cross Site Scripting (XSS) <17.10.8; <18.04.4: <18.10.1 by Robert Lyon

Closed Security issue relating to insecure permissions <17.10.8; <18.04.4: <18.10.1 by Robert Lyon

Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Closed Security issue relating to the upload of a virus-infected file <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Closed Security issue relating to cross-site scripting <16.10.9; <17.04.7; <17.10.4 by Robert Lyon

Closed Security issue relating to disclosing information <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Closed Security issue relating to incorrect redirect <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Closed Security issue relating to cross-site scripting <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Closed Security issue relating to XSS and saving of display name <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon

Closed Security issue relating to Access control and session cookies <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon

Closed Security issue relating to cross-site scripting <15.04.15; <16.04.9; <16.10.6; <17.04.4 by Robert Lyon

Security issue relating to cross-site scripting <15.04.14; <16.04.8; <16.10.5; <17.04.3 by Kristina Hoeppner

Security issue logging passwords during full event logging <17.04.2, <16.10.4, <16.04.7, <15.04.13 by Robert Lyon

Security issue relating to logging of passwords from Mahara Mobile by Kristina Hoeppner

Security issue relating to a remote code execution vulnerability in PHPMailer <15.04.11, <15.10.7, <16.04.5, <16.10.2 by Kristina Hoeppner

Closed Security issue relating to Access control and password reset link <15.04.10, <15.10.6, <16.04.4 by Robert Lyon

Security issue relating to access control in Mahara groups <15.04.9, <15.10.5, <16.04.3 by Aaron Wells

Security issue relating to passwords <15.04.9, <15.10.5, <16.04.3 by Aaron Wells

Security issue relating to Access control and profile pictures <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

Forums /
Security Announcements