PT-2017-13288 · Catalyst It · Mahara
Kris-Hoeppner
+4
·
Publicado
2017-10-31
·
Atualizado
2019-10-03
·
CVE-2017-14163
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mahara versions prior to 15.04.14
Mahara versions 16.x prior to 16.04.8
Mahara versions 16.10.x prior to 16.10.5
Mahara versions 17.x prior to 17.04.3
Description
An issue allows unauthorized access to a user's account if the browser is closed without logging out of Mahara. The value in the
usr session table remains, and an attacker can exploit this by adjusting the mahara cookie to the old value, thus gaining access to the user's account.Recommendations
For Mahara versions prior to 15.04.14, update to version 15.04.14 or later.
For Mahara versions 16.x prior to 16.04.8, update to version 16.04.8 or later.
For Mahara versions 16.10.x prior to 16.10.5, update to version 16.10.5 or later.
For Mahara versions 17.x prior to 17.04.3, update to version 17.04.3 or later.
Correção
Session Fixation
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mahara