CVE-2020-9386

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
References
Link Resource
https://bugs.launchpad.net/mahara/+bug/1840201 Issue Tracking Patch Third Party Advisory
https://mahara.org/interaction/forum/topic.php?id=8589 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-09 16:15

Updated : 2024-02-28 17:28


NVD link : CVE-2020-9386

Mitre link : CVE-2020-9386

CVE.ORG link : CVE-2020-9386


JSON object : View

Products Affected

mahara

  • mahara
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor