CVE-2020-9387

Published: Apr 30, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.

Affected (4)

Products: Mahara: Mahara

Mahara

1 product

Mahara

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mahara Mahara	From 19.04 to 19.04.5
Mahara Mahara	From 19.10 to 19.10.3
Mahara Mahara	Version 20.04 rc1
Mahara Mahara	Version 20.04 rc2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugs.launchpad.net/mahara/+bug/1836984

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://mahara.org/interaction/forum/topic.php?id=8612

Source: cve@mitre.org

Vendor Advisory

https://bugs.launchpad.net/mahara/+bug/1836984

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://mahara.org/interaction/forum/topic.php?id=8612

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.