First published: Fri Jun 01 2018
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | >=17.04.0 <17.04.8 | |
Mahara Mahara | >=17.10.0 <17.10.5 | |
Mahara Mahara | =18.04.0 | |
The vulnerability ID is CVE-2018-11195.
The severity of CVE-2018-11195 is medium.
CVE-2018-11195 affects Mahara versions 17.04 before 17.04.8, 17.10 before 17.10.5, and 18.04 before 18.04.1.
CVE-2018-11195 allows malicious users with physical access to a Mahara user's web browser, after they have logged in, to potentially gain access to their Mahara credentials.
To fix CVE-2018-11195, users should update their Mahara installations to versions 17.04.8, 17.10.5, or 18.04.1.