First published: Fri Nov 03 2017(Updated: )
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | =1.9-rc1 | |
Mahara Mahara | =1.9.0 | |
Mahara Mahara | =1.9.1 | |
Mahara Mahara | =1.9.2 | |
Mahara Mahara | =1.9.3 | |
Mahara Mahara | =1.9.4 | |
Mahara Mahara | =1.9.5 | |
Mahara Mahara | =1.9.6 | |
Mahara Mahara | =1.10-rc1 | |
Mahara Mahara | =1.10.0 | |
Mahara Mahara | =1.10.1 | |
Mahara Mahara | =1.10.2 | |
Mahara Mahara | =1.10.3 | |
Mahara Mahara | =1.10.4 | |
Mahara Mahara | =15.04-rc1 | |
Mahara Mahara | =15.04-rc2 | |
Mahara Mahara | =15.04.0 | |
Mahara Mahara | =15.04.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-1000145 is medium.
Mahara versions 1.9 before 1.9.7, 1.10 before 1.10.5, and 15.04 before 15.04.2 are vulnerable to CVE-2017-1000145.
CVE-2017-1000145 allows anonymous comments to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
To fix CVE-2017-1000145, upgrade to Mahara versions 1.9.7, 1.10.5, or 15.04.2.
You can find more information about CVE-2017-1000145 at the following reference: https://bugs.launchpad.net/mahara/+bug/1460368