Forums | Mahara Community

Security Announcements


Subscribe to this forum to be notified about security fixes.

Topic Posts Last post

Closed XSS exploit in Mahara before 24.04.1, 23.04.6, and 22.10.6 by Kristina Hoeppner

Kia ora Mahara community,
1 14 May 2024, 19:58

by Kristina Hoeppner

Closed Information disclosure in Mahara before 23.04.4 and 22.10.4 by Kristina Hoeppner

Kia ora Mahara community,
1 08 November 2023, 16:40

by Kristina Hoeppner

Closed Information disclosure in Mahara before 21.04.7, 21.10.5, 22.04.3, and 22.10.0 by Kristina Hoeppner

Critical
1 01 November 2022, 18:01

by Kristina Hoeppner

Closed Incorrect access control in Mahara before 21.04.7, 21.10.5, 22.04.3, and 22.10.0 by Kristina Hoeppner

Vulnerability type: Incorrect access control
1 01 November 2022, 18:00

by Kristina Hoeppner

Closed Information disclosure in Mahara before 21.04.6, 21.10.4, and 22.04.2 and all versions of 20.04 and 20.10 by Kristina Hoeppner

Critical
1 16 June 2022, 15:48

by Kristina Hoeppner

Closed XSS exploit in 'External media' block in Mahara before 20.10.5, 21.04.4, and 21.10.2 by Robert Lyon



1 27 April 2022, 13:21

by Robert Lyon

Closed Strengthen the random generated tokens in Mahara before 20.10.5, 21.04.4, and 21.10.2 by Robert Lyon



1 27 April 2022, 13:20

by Robert Lyon

Closed Group search list shows too many results from page 2 onwards in Mahara before 20.10.5, 21.04.4, and 21.10.2 by Robert Lyon

Group search page shows too many results when i...
1 27 April 2022, 13:17

by Robert Lyon

Closed Mahara and Spring framework? by Kristina Hoeppner

Hello,
1 01 April 2022, 22:10

by Kristina Hoeppner

Closed Private group, site, or institution portfolios can be accessed by the URL without logging in by going to the URL in Mahara before 21.10.1 and 21.04.3 by Doris ⚡

Vulnerability type: Incorrect access control
1 09 February 2022, 17:26

by Doris ⚡

Closed Command injection when PDF bulk is enabled in Mahara before 21.10.1, 21.04.3, and 20.10.4 by Doris ⚡

This is a follow-up for an already released sec...
1 09 February 2022, 17:24

by Doris ⚡

Closed Able to see the name of another account holder’s folder in Mahara before 21.10.1, 21.04.3, and 20.10.4 by Doris ⚡

Vulnerability type: Incorrect access control
1 09 February 2022, 17:23

by Doris ⚡

Closed Accessing page help causing path traversal in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

Vulnerability type: Path traversal
1 29 October 2021, 17:06

by Robert Lyon

Closed Tag syntax could cause code execution in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

 
1 29 October 2021, 17:03

by Robert Lyon

Closed PDF export causes code execution in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

Vulnerability type: Code execution
1 29 October 2021, 17:02

by Robert Lyon

Closed Security issue with PHPMailer in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

A security issue has been resolved for an exte...
1 29 October 2021, 16:59

by Robert Lyon

Closed Exported CSV files could contain bad character syntax in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon

Vulnerability type: Other (CSV Injection)
1 29 October 2021, 16:54

by Robert Lyon

Closed Web services token vulnerability in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 by Robert Lyon



1 29 October 2021, 16:52

by Robert Lyon

Closed Security issue relating to SimpleSAML PHP <20.04.4 <20.10.2 <21.04.1 by Lisa Seeto

Fix a security bug where in rare cases the data...
1 21 May 2021, 15:33

by Lisa Seeto

Closed Security issue relating to the SimpleSamlPhp <19.10.6, <20.04.3, <20.10.1 by Robert Lyon

A potential security issue has been resolved fo...
1 05 May 2021, 10:26

by Robert Lyon

Closed Security issue relating to the PHPMailer <19.10.6, <20.04.3, <20.10.1 by Robert Lyon

A security issue has been resolved for externa...
1 04 May 2021, 17:06

by Robert Lyon

Closed Security issue relating to jQuery in Mahara <19.04.7, <19.10.5, <20.04.2 by Kristina Hoeppner

Hello,
1 22 October 2020, 22:51

by Kristina Hoeppner

Closed Security issue relating to the file browser <19.04.6, <19.10.4, <20.04.1 by Robert Lyon

Avoid file or folder names containing JavaScrip...
1 04 August 2020, 16:13

by Robert Lyon

Closed Security issue relating to the third-party library SimpleSAMLPHP <19.04.6, <19.10.4, <20.04.1 by Robert Lyon

One security issue has been resolved for Simple...
1 04 August 2020, 16:10

by Robert Lyon

Closed Security issue relating to the Elasticsearch results and Isolated institutions <18.10.6, <19.04.5, <19.10.3 by Robert Lyon

Vulnerability type: Incorrect access control
1 30 April 2020, 12:26

by Robert Lyon

123 topics

Moderators:

Doris ⚡