CVE-2020-9386

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
References
Link Resource
https://bugs.launchpad.net/mahara/+bug/1840201 Issue Tracking Patch Third Party Advisory
https://mahara.org/interaction/forum/topic.php?id=8589 Vendor Advisory
https://bugs.launchpad.net/mahara/+bug/1840201 Issue Tracking Patch Third Party Advisory
https://mahara.org/interaction/forum/topic.php?id=8589 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:40

Type Values Removed Values Added
References () https://bugs.launchpad.net/mahara/+bug/1840201 - Issue Tracking, Patch, Third Party Advisory () https://bugs.launchpad.net/mahara/+bug/1840201 - Issue Tracking, Patch, Third Party Advisory
References () https://mahara.org/interaction/forum/topic.php?id=8589 - Vendor Advisory () https://mahara.org/interaction/forum/topic.php?id=8589 - Vendor Advisory

Information

Published : 2020-03-09 16:15

Updated : 2024-11-21 05:40


NVD link : CVE-2020-9386

Mitre link : CVE-2020-9386

CVE.ORG link : CVE-2020-9386


JSON object : View

Products Affected

mahara

  • mahara
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor