First published: Fri Nov 03 2017(Updated: )
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | =15.04-rc1 | |
Mahara Mahara | =15.04-rc2 | |
Mahara Mahara | =15.04.0 | |
Mahara Mahara | =15.04.1 | |
Mahara Mahara | =15.04.2 | |
Mahara Mahara | =15.04.3 | |
Mahara Mahara | =15.04.4 | |
Mahara Mahara | =15.04.5 | |
Mahara Mahara | =15.04.6 | |
Mahara Mahara | =15.04.7 | |
Mahara Mahara | =15.04.8 | |
Mahara Mahara | =16.04-rc1 | |
Mahara Mahara | =16.04-rc2 | |
Mahara Mahara | =16.04.0 | |
Mahara Mahara | =16.04.1 | |
Mahara Mahara | =16.04.2 | |
Mahara Mahara | =15.10.0 | |
Mahara Mahara | =15.10.1 | |
Mahara Mahara | =15.10.2 | |
Mahara Mahara | =15.10.3 | |
Mahara Mahara | =15.10.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-1000156 is a vulnerability in Mahara versions 15.04 before 15.04.9, 15.10 before 15.10.5, and 16.04 before 16.04.3 that allows group members to edit a group's configuration page even without the admin role.
CVE-2017-1000156 has a severity rating of 6.5 (medium).
To fix CVE-2017-1000156, upgrade your Mahara installation to version 15.04.9, 15.10.5, or 16.04.3.
You can find more information about CVE-2017-1000156 at the following link: [https://bugs.launchpad.net/mahara/+bug/1609200](https://bugs.launchpad.net/mahara/+bug/1609200)
The CWE ID for CVE-2017-1000156 is 269.