Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information.
References
| Link | Resource |
|---|---|
| https://bugs.launchpad.net/mahara/+bug/1772774 | Issue Tracking Patch Vendor Advisory |
| https://mahara.org/interaction/forum/topic.php?id=8271 | Vendor Advisory |
| https://bugs.launchpad.net/mahara/+bug/1772774 | Issue Tracking Patch Vendor Advisory |
| https://mahara.org/interaction/forum/topic.php?id=8271 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:43
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://bugs.launchpad.net/mahara/+bug/1772774 - Issue Tracking, Patch, Vendor Advisory | |
| References | () https://mahara.org/interaction/forum/topic.php?id=8271 - Vendor Advisory |
Information
Published : 2018-05-30 21:29
Updated : 2024-11-21 03:43
NVD link : CVE-2018-11565
Mitre link : CVE-2018-11565
CVE.ORG link : CVE-2018-11565
JSON object : View
Products Affected
mahara
- mahara
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor