Doris Tam

**Name of the Vulnerable Software and Affected Versions** Mahara versions 21.04 through 21.04.2 Mahara versions 21.10 through 21.10.0 **Description** The issue allows portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels to be viewed without requiring a login if the URL to these portfolios is known. **Recommendations** For Mahara versions 21.04 through 21.04.2, update to version 21.04.3 to resolve the issue. For Mahara versions 21.10 through 21.10.0, update to version 21.10.1 to resolve the issue.