First published: Thu Feb 10 2022
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | >=21.04.0 <21.04.3 | |
Mahara Mahara | =21.10.0 | |
The vulnerability ID for this Mahara vulnerability is CVE-2022-24111.
The severity of CVE-2022-24111 is medium with a severity value of 5.3.
Mahara versions 21.04 before 21.04.3 and 21.10 before 21.10.1 are affected by CVE-2022-24111.
CVE-2022-24111 allows portfolios created in certain groups or on the site and institution levels to be viewed without requiring a login if the URL is known.
The fix for CVE-2022-24111 is to upgrade to Mahara version 21.04.3 or 21.10.1.