Vulnerability Name: | CVE-2017-1000143 (CCN-134450) | ||||||||||||
Assigned: | 2015-04-20 | ||||||||||||
Published: | 2015-04-20 | ||||||||||||
Updated: | 2017-11-15 | ||||||||||||
Summary: | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. | ||||||||||||
CVSS v3 Severity: | 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-200 | ||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2017-1000143 Source: CCN Type: Mahara Bugs: 1429647 Watchlist lets you watch and receive notifications about pages you don't have view access to Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://bugs.launchpad.net/mahara/+bug/1429647 Source: XF Type: UNKNOWN mahara-cve20171000143-sec-bypass(134450) Source: CCN Type: Mahara Web site Mahara | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |