Lisa Seeto

**Name of the Vulnerable Software and Affected Versions** Mahara versions 18.10 through 18.10.4 Mahara versions 19.04 through 19.04.3 Mahara versions 19.10 through 19.10.1 **Description** The issue concerns the disclosure of file metadata information to group members in the Elasticsearch result list, despite them not having access to the artefact anymore. This occurs due to a problem where access controls are not properly enforced, leading to unauthorized disclosure of information. **Recommendations** For Mahara versions 18.10 through 18.10.4, update to version 18.10.5 or later. For Mahara versions 19.04 through 19.04.3, update to version 19.04.4 or later. For Mahara versions 19.10 through 19.10.1, update to version 19.10.2 or later.