First published: Fri Nov 03 2017(Updated: )
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | =15.04-rc1 | |
Mahara Mahara | =15.04-rc2 | |
Mahara Mahara | =15.04.0 | |
Mahara Mahara | =15.04.1 | |
Mahara Mahara | =15.04.2 | |
Mahara Mahara | =15.04.3 | |
Mahara Mahara | =15.04.4 | |
Mahara Mahara | =15.04.5 | |
Mahara Mahara | =15.04.6 | |
Mahara Mahara | =15.04.7 | |
Mahara Mahara | =16.04-rc1 | |
Mahara Mahara | =16.04-rc2 | |
Mahara Mahara | =16.04.0 | |
Mahara Mahara | =16.04.1 | |
Mahara Mahara | =15.10.0 | |
Mahara Mahara | =15.10.1 | |
Mahara Mahara | =15.10.2 | |
Mahara Mahara | =15.10.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-1000154 is a vulnerability in Mahara versions 15.04, 15.10, and 16.04 that allows users to log in even if their institution was expired or suspended.
The severity of CVE-2017-1000154 is critical with a CVSS score of 9.8.
Mahara versions 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2 are affected by CVE-2017-1000154.
To fix the vulnerability, update your Mahara installation to version 15.04.8, 15.10.4, or 16.04.2.
You can find more information about CVE-2017-1000154 on the official Mahara bug tracking system: https://bugs.launchpad.net/mahara/+bug/1580399