First published: Fri Nov 03 2017(Updated: )
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | =15.04-rc1 | |
Mahara Mahara | =15.04-rc2 | |
Mahara Mahara | =15.04.0 | |
Mahara Mahara | =15.04.1 | |
Mahara Mahara | =15.04.2 | |
Mahara Mahara | =15.04.3 | |
Mahara Mahara | =15.04.4 | |
Mahara Mahara | =15.04.5 | |
Mahara Mahara | =15.04.6 | |
Mahara Mahara | =15.10.0 | |
Mahara Mahara | =15.10.1 | |
Mahara Mahara | =15.10.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-1000152 is a vulnerability in Mahara versions 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3, which allows one user to be logged in as another user on a separate computer.
CVE-2017-1000152 has a severity rating of 9.8 (Critical).
CVE-2017-1000152 occurs when a user takes an action that forces another user to be logged out of Mahara, allowing the first user to be logged in as the second user on a different computer.
Mahara versions 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are affected by CVE-2017-1000152.
To fix CVE-2017-1000152, upgrade to Mahara version 15.04.7 or 15.10.3 running PHP 5.4 or higher.