CVE-2011-1403: CSRF
First published: Fri May 13 2011(Updated: )
Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mahara | <=1.3.5 | |
| Mahara | =0.9.0 | |
| Mahara | =0.9.1 | |
| Mahara | =0.9.2 | |
| Mahara | =1.0.0 | |
| Mahara | =1.0.1 | |
| Mahara | =1.0.2 | |
| Mahara | =1.0.3 | |
| Mahara | =1.0.4 | |
| Mahara | =1.0.5 | |
| Mahara | =1.0.6 | |
| Mahara | =1.0.7 | |
| Mahara | =1.0.8 | |
| Mahara | =1.0.9 | |
| Mahara | =1.0.10 | |
| Mahara | =1.0.11 | |
| Mahara | =1.0.12 | |
| Mahara | =1.0.13 | |
| Mahara | =1.0.14 | |
| Mahara | =1.0.15 | |
| Mahara | =1.1 | |
| Mahara | =1.1.0 | |
| Mahara | =1.1.0-alpha1 | |
| Mahara | =1.1.0-alpha2 | |
| Mahara | =1.1.0-alpha3 | |
| Mahara | =1.1.0-beta1 | |
| Mahara | =1.1.0-beta2 | |
| Mahara | =1.1.0-beta3 | |
| Mahara | =1.1.0-beta4 | |
| Mahara | =1.1.0-rc1 | |
| Mahara | =1.1.0-rc2 | |
| Mahara | =1.1.1 | |
| Mahara | =1.1.2 | |
| Mahara | =1.1.3 | |
| Mahara | =1.1.4 | |
| Mahara | =1.1.5 | |
| Mahara | =1.1.6 | |
| Mahara | =1.1.7 | |
| Mahara | =1.1.8 | |
| Mahara | =1.1.9 | |
| Mahara | =1.2.0 | |
| Mahara | =1.2.0-alpha1 | |
| Mahara | =1.2.0-alpha2 | |
| Mahara | =1.2.0-alpha3 | |
| Mahara | =1.2.0-beta1 | |
| Mahara | =1.2.0-beta2 | |
| Mahara | =1.2.0-beta3 | |
| Mahara | =1.2.0-beta4 | |
| Mahara | =1.2.0-rc1 | |
| Mahara | =1.2.1 | |
| Mahara | =1.2.2 | |
| Mahara | =1.2.3 | |
| Mahara | =1.2.4 | |
| Mahara | =1.2.5 | |
| Mahara | =1.2.6 | |
| Mahara | =1.3.0 | |
| Mahara | =1.3.0-beta1 | |
| Mahara | =1.3.0-beta2 | |
| Mahara | =1.3.0-beta3 | |
| Mahara | =1.3.0-beta4 | |
| Mahara | =1.3.0-rc1 | |
| Mahara | =1.3.1 | |
| Mahara | =1.3.2 | |
| Mahara | =1.3.3 | |
| Mahara | =1.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-1403?
CVE-2011-1403 is classified as a moderate severity vulnerability that allows cross-site request forgery (CSRF) attacks.
How do I fix CVE-2011-1403?
To fix CVE-2011-1403, upgrade Mahara to version 1.3.6 or later, which addresses this vulnerability.
What type of vulnerability is CVE-2011-1403?
CVE-2011-1403 is a cross-site request forgery (CSRF) vulnerability that allows attackers to hijack user sessions.
Which versions of Mahara are affected by CVE-2011-1403?
CVE-2011-1403 affects Mahara versions prior to 1.3.6, including versions 0.9.0 through 1.3.5.
Can CVE-2011-1403 lead to unauthorized actions on behalf of users?
Yes, CVE-2011-1403 can allow remote attackers to make unauthorized actions on behalf of authenticated users.
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/weakness
- vendor/mahara
- canonical/mahara
- version/mahara/1.3.5
- version/mahara/0.9.0
- version/mahara/0.9.1
- version/mahara/0.9.2
- version/mahara/1.0.0
- version/mahara/1.0.1
- version/mahara/1.0.2
- version/mahara/1.0.3
- version/mahara/1.0.4
- version/mahara/1.0.5
- version/mahara/1.0.6
- version/mahara/1.0.7
- version/mahara/1.0.8
- version/mahara/1.0.9
- version/mahara/1.0.10
- version/mahara/1.0.11
- version/mahara/1.0.12
- version/mahara/1.0.13
- version/mahara/1.0.14
- version/mahara/1.0.15
- version/mahara/1.1
- version/mahara/1.1.0
- version/mahara/1.1.0-alpha1
- version/mahara/1.1.0-alpha2
- version/mahara/1.1.0-alpha3
- version/mahara/1.1.0-beta1
- version/mahara/1.1.0-beta2
- version/mahara/1.1.0-beta3
- version/mahara/1.1.0-beta4
- version/mahara/1.1.0-rc1
- version/mahara/1.1.0-rc2
- version/mahara/1.1.1
- version/mahara/1.1.2
- version/mahara/1.1.3
- version/mahara/1.1.4
- version/mahara/1.1.5
- version/mahara/1.1.6
- version/mahara/1.1.7
- version/mahara/1.1.8
- version/mahara/1.1.9
- version/mahara/1.2.0
- version/mahara/1.2.0-alpha1
- version/mahara/1.2.0-alpha2
- version/mahara/1.2.0-alpha3
- version/mahara/1.2.0-beta1
- version/mahara/1.2.0-beta2
- version/mahara/1.2.0-beta3
- version/mahara/1.2.0-beta4
- version/mahara/1.2.0-rc1
- version/mahara/1.2.1
- version/mahara/1.2.2
- version/mahara/1.2.3
- version/mahara/1.2.4
- version/mahara/1.2.5
- version/mahara/1.2.6
- version/mahara/1.3.0
- version/mahara/1.3.0-beta1
- version/mahara/1.3.0-beta2
- version/mahara/1.3.0-beta3
- version/mahara/1.3.0-beta4
- version/mahara/1.3.0-rc1
- version/mahara/1.3.1
- version/mahara/1.3.2
- version/mahara/1.3.3
- version/mahara/1.3.4