CVE-2020-9386

Published: Mar 9, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.

Affected (3)

Products: Mahara: Mahara

Mahara

1 product

Mahara

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	From 18.10.0 to 18.10.5
Mahara Mahara	From 19.04.0 to 19.04.4
Mahara Mahara	From 19.10.0 to 19.10.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugs.launchpad.net/mahara/+bug/1840201

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://mahara.org/interaction/forum/topic.php?id=8589

Source: cve@mitre.org

Vendor Advisory

https://bugs.launchpad.net/mahara/+bug/1840201

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://mahara.org/interaction/forum/topic.php?id=8589

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.