CVE-2017-1000156

Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
References
Link Resource
https://bugs.launchpad.net/mahara/+bug/1609200 Exploit Issue Tracking Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.10.4:*:*:*:*:*:*:*

Information

Published : 2017-11-03 11:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-1000156

Mitre link : CVE-2017-1000156


JSON object : View

CWE
CWE-269

Improper Privilege Management

Advertisement

dedicated server usa

Products Affected

mahara

  • mahara