Mahara Community - Security Announcements

Mahara Community

Forums /
Security Announcements

Subscribe to this forum to be notified about security fixes.

Topic	Posts	Last post
Closed Security issue relating to session fixation and privilege escalation <1.8.6, <1.9.4, <1.10.1 by Robert Lyon Password reset key leaked via HTTP "Referer" fi...	1	26 November 2014, 13:36 by Robert Lyon
Closed Security issue relating to privacy <1.10.1 by Robert Lyon Author not anonymised on "Shared with me" page ...	1	26 November 2014, 12:18 by Robert Lyon
Closed Security issue relating to access control <1.8.6, <1.9.4, <1.10.1 by Robert Lyon Secret URL access permissions not cleared on lo...	1	26 November 2014, 12:17 by Robert Lyon
Closed Security issues relating to CSRF <1.8.6, <1.9.4, <1.10.1 by Robert Lyon SSRF (Server Side Request Forgery) is a vulnera...	1	26 November 2014, 12:14 by Robert Lyon
Closed Security issues relating to XSS <1.7.8, <1.8.5, <1.9.3 by Aaron Wells Institution display names were not always prope...	1	22 October 2014, 16:18 by Aaron Wells
Closed Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2 by Robert Lyon Mahara institutions that use LDAP for authentic...	1	01 August 2014, 12:13 by Robert Lyon
Closed Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells Mahara uses the external HTML Purifier library ...	1	03 April 2014, 15:42 by Aaron Wells
Closed Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells Suspended users can login via the "reset passwo...	1	03 April 2014, 15:35 by Aaron Wells
Closed Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4 by Son Nguyen Unauthorized access to a folder by group members	1	31 October 2013, 16:32 by Son Nguyen
Closed Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells Category: Cross-site Scripting	1	03 October 2013, 22:59 by Aaron Wells
Closed Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells Multiple Access Control Vulnerabilities in <1.5...	1	03 October 2013, 22:49 by Aaron Wells
Closed RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1 by Aaron Wells Potential compromise of stored passwords in RSS...	1	03 May 2013, 12:54 by Aaron Wells
Closed Cross-site Scripting Vulnerability <1.5.9, <1.6.4 by Aaron Wells Stored XSS vulnerability in Mahara's usage of T...	1	15 April 2013, 18:18 by Aaron Wells
Closed External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 by Account deleted Cross site scripting vulnerability in external ...	1	15 February 2013, 16:58 by Account deleted
Closed Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3 by Account deleted Cross-site Scripting Vulnerability	1	15 February 2013, 16:38 by Account deleted
Closed Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2 by Account deleted Cross-site Scripting Vulnerability Category:...	2	23 November 2012, 16:16 by Account deleted
Closed Click Jacking Vulnerability by Account deleted Click Jacking Vulnerability	1	09 October 2012, 23:19 by Account deleted
Closed Cross-site Scripting Vulnerability by Account deleted Cross-site Scripting Vulnerability	1	09 October 2012, 23:17 by Account deleted
Closed Multiple Cross-site Scripting Vulnerabilities by Account deleted Multiple Cross-site Scripting Vulnerabilities	1	09 October 2012, 23:16 by Account deleted
Closed Remote Code Execution Vulnerability by Account deleted Remote Code Execution Vulnerability	1	09 October 2012, 23:13 by Account deleted
Closed Conclusion of the Security Bug Bounty by Kristina Hoeppner Hello,	1	04 October 2012, 21:13 by Kristina Hoeppner
Closed XML External Entities Vulnerability in versions 1.4.3 and 1.5.2 by Account deleted XML External Entities Vulnerability in versions...	1	13 September 2012, 20:53 by Account deleted
Closed Multiple Cross-site Scripting Vulnerabilities in versions 1.4.2 and 1.5.1 by Account deleted Multiple Cross-site Scripting Vulnerabilities i...	1	31 July 2012, 1:45 by Account deleted
Closed Insecure defaults in SAML plugin by François Marier This security issue only affects sites which ma...	1	15 February 2012, 20:52 by François Marier
Closed Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6 by François Marier Category: Privilege Escalation Seve...	1	03 November 2011, 17:56 by François Marier

102 topics

Group administrators:

Robert Lyon

Cecilia Vela

Kristina Hoeppner

Forums | Mahara Community

Forums / Security Announcements

Closed Security issue relating to session fixation and privilege escalation <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Closed Security issue relating to privacy <1.10.1 by Robert Lyon

Closed Security issue relating to access control <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Closed Security issues relating to CSRF <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Closed Security issues relating to XSS <1.7.8, <1.8.5, <1.9.3 by Aaron Wells

Closed Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2 by Robert Lyon

Closed Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Closed Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Closed Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4 by Son Nguyen

Closed Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Closed Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Closed RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1 by Aaron Wells

Closed Cross-site Scripting Vulnerability <1.5.9, <1.6.4 by Aaron Wells

Closed External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 by Account deleted

Closed Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3 by Account deleted

Closed Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2 by Account deleted

Closed Click Jacking Vulnerability by Account deleted

Closed Cross-site Scripting Vulnerability by Account deleted

Closed Multiple Cross-site Scripting Vulnerabilities by Account deleted

Closed Remote Code Execution Vulnerability by Account deleted

Closed Conclusion of the Security Bug Bounty by Kristina Hoeppner

Closed XML External Entities Vulnerability in versions 1.4.3 and 1.5.2 by Account deleted

Closed Multiple Cross-site Scripting Vulnerabilities in versions 1.4.2 and 1.5.1 by Account deleted

Closed Insecure defaults in SAML plugin by François Marier

Closed Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6 by François Marier

Forums /
Security Announcements