CVE-2017-1000134

Published: Nov 3, 2017Modified: May 13, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.

Affected (17)

Products: Mahara: Mahara

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	Version 1.8.0
Mahara Mahara	Version 1.8.1
Mahara Mahara	Version 1.8.2
Mahara Mahara	Version 1.8.3
Mahara Mahara	Version 1.8.4
Mahara Mahara	Version 1.8.5
Mahara Mahara	Version 1.8 rc1
Mahara Mahara	Version 1.8 rc2

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	Version 1.9.0
Mahara Mahara	Version 1.9.1
Mahara Mahara	Version 1.9.2
Mahara Mahara	Version 1.9.3
Mahara Mahara	Version 1.9 rc1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	Version 1.10.0
Mahara Mahara	Version 1.10 rc1

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	Version 15.04 rc1
Mahara Mahara	Version 15.04 rc2

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://bugs.launchpad.net/mahara/+bug/1267686

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://bugs.launchpad.net/mahara/+bug/1267686

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.