PT-2014-2789 · Catalyst It · Mahara
Aaron Wells
+1
·
Publicado
2014-05-19
·
Atualizado
2014-05-19
·
CVE-2013-4429
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mahara versions prior to 1.5.12
Mahara versions 1.6.x prior to 1.6.7
Mahara versions 1.7.x prior to 1.7.3
Description
The issue allows remote authenticated users to read arbitrary artefacts. This can be achieved via the
artefact id in an upload action when creating a journal or the instconf artefactid selected[ID] parameter in an upload action when editing a block.Recommendations
For Mahara versions prior to 1.5.12, update to version 1.5.12 or later.
For Mahara versions 1.6.x prior to 1.6.7, update to version 1.6.7 or later.
For Mahara versions 1.7.x prior to 1.7.3, update to version 1.7.3 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mahara