First published: Mon Mar 09 2020
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | >=18.10.0 <18.10.5 | |
Mahara Mahara | >=19.04.0 <19.04.4 | |
Mahara Mahara | >=19.10.0 <19.10.2 | |
CVE-2020-9386 is a vulnerability in Mahara that discloses file metadata to group members who no longer have access to the artefact.
Affected versions are Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2.
The severity of CVE-2020-9386 is medium with a CVSS score of 4.3.
The vulnerability exposes file metadata to group members through the Elasticsearch result list, even if they no longer have access to the file.
Upgrades to Mahara version 18.10.5, 19.04.4, or 19.10.2 are available to fix the vulnerability.