PT-2022-16472 · Mahara · Mahara

Doris ⚡

Published: 2022-02-10
Updated: 2022-02-23
CVE-2022-24111
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mahara versions 21.04 through 21.04.2
Mahara versions 21.10 through 21.10.0

Description

Portfolios created in groups that have not been shared with non-group members, and portfolios created at the site and institution levels, can be viewed without logging in if the URL to these portfolios is known.

Recommendations

For Mahara versions 21.04 through 21.04.2, update to version 21.04.3 to resolve the issue.
For Mahara versions 21.10 through 21.10.0, update to version 21.10.1 to resolve the issue.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-24111

Affected Products

Mahara