First published: Fri Nov 03 2017
Mahara 1.8 before 1.8.7, 1.9 before 1.9.5, 1.10 before 1.10.3, and 15.04 before 15.04.0 are vulnerable: logged-in users can stay logged in after the institution they belong to is suspended.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | =1.8-rc1 | |
Mahara Mahara | =1.8-rc2 | |
Mahara Mahara | =1.8.0 | |
Mahara Mahara | =1.8.1 | |
Mahara Mahara | =1.8.2 | |
Mahara Mahara | =1.8.3 | |
Mahara Mahara | =1.8.4 | |
Mahara Mahara | =1.8.5 | |
Mahara Mahara | =1.8.6 | |
Mahara Mahara | =1.9-rc1 | |
Mahara Mahara | =1.9.0 | |
Mahara Mahara | =1.9.1 | |
Mahara Mahara | =1.9.2 | |
Mahara Mahara | =1.9.3 | |
Mahara Mahara | =1.9.4 | |
Mahara Mahara | =1.10-rc1 | |
Mahara Mahara | =1.10.0 | |
Mahara Mahara | =1.10.1 | |
Mahara Mahara | =1.10.2 | |
Mahara Mahara | =15.04-rc1 | |
Mahara Mahara | =15.04-rc2 | |
The severity of CVE-2017-1000135 is medium.
Logged-in users can stay logged in after the institution they belong to is suspended in Mahara versions 1.8 before 1.8.7, 1.9 before 1.9.5, 1.10 before 1.10.3, and 15.04 before 15.04.0.
To check if your Mahara version is affected by CVE-2017-1000135, you can compare your version against the vulnerable versions: 1.8 before 1.8.7, 1.9 before 1.9.5, 1.10 before 1.10.3, and 15.04 before 15.04.0.
A fix for CVE-2017-1000135 is available in Mahara versions 1.8.7, 1.9.5, 1.10.3, and 15.04.0.
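The version comparison described above can be scripted. The following is an added example, not code from this advisory or from the Mahara project: the function names and the sample inventory are hypothetical, and it assumes a release candidate such as 15.04-rc2 sorts before its final release.

```python
import re

# First fixed release per affected branch, taken from the advisory text.
FIXED = {(1, 8): (1, 8, 7), (1, 9): (1, 9, 5),
         (1, 10): (1, 10, 3), (15, 4): (15, 4, 0)}

_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-~]?rc(\d+))?$", re.IGNORECASE)

FINAL = (1, 0)  # rank of a final release; rcN ranks as (0, N)


def parse_version(text):
    """Return (major, minor, patch, rank) with numeric fields.

    Numeric comparison matters: as strings "1.10.0" sorts before "1.9.4".
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Mahara version string: {text!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3) or 0)
    rank = (0, int(m.group(4))) if m.group(4) else FINAL
    return (major, minor, patch, rank)


def is_affected(text):
    """True/False for branches the advisory lists, None for any other branch."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return None  # the advisory makes no statement about this branch
    return version < (*fixed, FINAL)


def audit(inventory):
    """Return the sorted names of hosts whose version is in an affected range."""
    return sorted(h for h, v in inventory.items() if is_affected(v) is True)


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "portfolio-a": "1.8.6",
    "portfolio-b": "1.10.3",
    "portfolio-c": "15.04-rc2",
    "portfolio-d": "1.9.5",
}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

A `None` result means the branch is not covered by this advisory's ranges and needs to be checked against other sources.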
More information about CVE-2017-1000135 can be found at the following link: https://bugs.launchpad.net/mahara/+bug/1348024