CVE-2020-9282

Published: Mar 9, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.

Affected (3)

Products: Mahara: Mahara

Mahara

1 product

Mahara

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	From 18.10.0 to 18.10.5
Mahara Mahara	From 19.04.0 to 19.04.4
Mahara Mahara	From 19.10.0 to 19.10.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugs.launchpad.net/mahara/+bug/1863043

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://mahara.org/interaction/forum/topic.php?id=8590

Source: cve@mitre.org

Vendor Advisory

https://bugs.launchpad.net/mahara/+bug/1863043

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://mahara.org/interaction/forum/topic.php?id=8590

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.