First published: Wed Nov 03 2021
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the user account associated with a web services token can be exploited and logged into via that token, which is intended only for web services access. This results in information disclosure at a minimum and, depending on the privileges of the account the token belongs to, often in escalation of privileges.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara | <20.04.5 | Upgrade to 20.04.5 |
Mahara | >=20.10.0 and <20.10.3 | Upgrade to 20.10.3 |
Mahara | >=21.04.0 and <21.04.2 | Upgrade to 21.04.2 |
Mahara | =21.10.0-rc1 | Upgrade to 21.10.0 |
Mahara | =21.10.0-rc2 | Upgrade to 21.10.0 |
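The affected ranges above are awkward to check by hand across a fleet, mainly because the two 21.10.0 release candidates are affected while the final 21.10.0 is not, so a naive string comparison gets the ordering wrong. The following checker is an added example written for this page; it is not code from Mahara or from the advisory. It assumes version strings of the form MAJOR.MINOR.PATCH with an optional "rc" suffix ("21.10.0-rc2", "21.10.0rc1"), and it generalises the two listed pre-releases into one range (any 21.10.0 release candidate sorts before the fixed 21.10.0 final, so it is treated as affected).

```python
import re
from typing import Optional, Tuple

# Assumed version string format for this example: MAJOR.MINOR.PATCH with an
# optional release-candidate suffix written as "rc1", "-rc1" or " RC1".
# Adjust the regex if your deployment reports versions differently.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-\s]*(rc)(\d+))?$", re.IGNORECASE)

VersionKey = Tuple[int, int, int, int, int]


def parse_version(text: str) -> VersionKey:
    """Turn '21.10.0-rc1' into a sortable tuple.

    A release candidate sorts *before* the final release of the same number:
    '21.10.0-rc1' -> (21, 10, 0, 0, 1) and '21.10.0' -> (21, 10, 0, 1, 0).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Mahara version string: {text!r}")
    major, minor, patch, tag, rc_num = m.groups()
    pre = (0, int(rc_num)) if tag else (1, 0)
    return (int(major), int(minor), int(patch)) + pre


# Affected ranges from the advisory table: lower bound inclusive (None means
# no lower bound), upper bound exclusive. The upper bound of each range is the
# first fixed release of that branch. The last range is an assumption that
# generalises the two listed pre-releases (21.10.0-rc1 and 21.10.0-rc2):
# every 21.10.0 release candidate precedes the fixed 21.10.0 final.
AFFECTED_RANGES = [
    (None, "20.04.5"),
    ("20.10.0", "20.10.3"),
    ("21.04.0", "21.04.2"),
    ("21.10.0-rc1", "21.10.0"),
]


def fixed_release_for(version: str) -> Optional[str]:
    """First fixed release on the same branch, or None if not affected.

    Anything older than the 20.04 branch is reported as needing 20.04.5, the
    oldest fixed release named by the advisory.
    """
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        low_ok = low is None or parse_version(low) <= v
        if low_ok and v < parse_version(high):
            return high
    return None


def is_affected(version: str) -> bool:
    """True if `version` falls inside one of the published affected ranges."""
    return fixed_release_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names and versions).
    inventory = {
        "portfolio-prod": "20.10.2",
        "portfolio-staging": "21.10.0-rc2",
        "portfolio-dev": "21.10.0",
    }
    for host, ver in inventory.items():
        fix = fixedrelease = fixed_release_for(ver)
        status = f"AFFECTED, upgrade to {fix}" if fix else "not affected"
        print(f"{host}: Mahara {ver} -> {status}")
```

Note that the advisory does not list pre-releases of the 20.10 or 21.04 branches, so a string such as "20.10.0-rc1" is reported as not affected by this literal reading of the table; treat any pre-release older than its branch's fixed version with suspicion regardless.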
CVE-2021-40849 is a vulnerability in Mahara versions before 20.04.5, 20.10.3, 21.04.2, and 21.10.0 that allows the account associated with a web services token to be exploited and logged into, leading to information disclosure and, depending on that account's privileges, privilege escalation.
CVE-2021-40849 has a CVSS base score of 9.8 (Critical).
To fix CVE-2021-40849, update to Mahara 20.04.5, 20.10.3, 21.04.2, or 21.10.0, or a later release of the corresponding branch. Sites running a 21.10.0 release candidate should move to the final 21.10.0 release.
The Common Weakness Enumeration (CWE) for CVE-2021-40849 is CWE-613 (Insufficient Session Expiration).
More information about CVE-2021-40849 can be found at the following references: [1](https://bugs.launchpad.net/mahara/+bug/1930469) and [2](https://mahara.org/interaction/forum/topic.php?id=8949).