CVE-2022-24111

In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:21.10.0:*:*:*:*:*:*:*

Information

Published : 2022-02-10 08:15

Updated : 2022-02-23 09:46


NVD link : CVE-2022-24111

Mitre link : CVE-2022-24111


JSON object : View

CWE
CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa

Products Affected

mahara

  • mahara