First published: Wed Feb 09 2022
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | >=20.10.0, <20.10.4 | |
Mahara Mahara | >=21.04.0, <21.04.3 | |
Mahara Mahara | =21.10.0 | |
Mahara Mahara | =21.10.0-rc1 | |
Mahara Mahara | =21.10.0-rc2 | |
CVE-2022-24694 is a vulnerability in Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1 that allows unauthorized users to see the names of folders in the Files area.
CVE-2022-24694 allows users who do not own the folders to see the names of folders in the Files area, but it does not affect file names or file contents.
CVE-2022-24694 has a severity rating of 4.3, which is considered medium.
To fix CVE-2022-24694, you should update your Mahara installation to version 20.10.4, 21.04.3, or 21.10.1 depending on your current version.
You can find more information about CVE-2022-24694 on the Mahara bug tracker and the Mahara community forum.