CVE-2017-1000150

{"id": "CVE-2017-1000150", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-11-03T18:29:00.903", "references": [{"url": "https://bugs.launchpad.net/mahara/+bug/1567784", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.launchpad.net/mahara/+bug/1567784", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks."}, {"lang": "es", "value": "Mahara, en versiones 15.04 anteriores a la 15.04.7 y versiones 15.10 anteriores a la 15.10.3, es vulnerable a que se evite que los ID de sesi\u00f3n se regeneren en el inicio o el cierre de sesi\u00f3n. Esto hace que los usuarios del sitio sean m\u00e1s vulnerables a ataques de fijaci\u00f3n de sesi\u00f3n."}], "lastModified": "2024-11-21T03:04:16.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42"}, {"criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}