First published: Tue May 07 2019(Updated: )
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | >=17.10.0<17.10.8 | |
Mahara Mahara | >=18.04.0<18.04.4 | |
Mahara Mahara | >=18.10.0<18.10.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-9708.
The severity of CVE-2019-9708 is medium.
CVE-2019-9708 allows a site administrator to suspend the system user (root), causing all users to be locked out from the system.
Mahara versions 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1 are affected by CVE-2019-9708.
To mitigate the CVE-2019-9708 vulnerability, update Mahara to version 17.10.8, 18.04.4, or 18.10.1 or later.