PT-2022-16808 · Mahara · Mahara

Robert Lyon

Published

2022-02-09

Updated

2022-02-11

CVE-2022-24694

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mahara versions 20.10 through 20.10.3 Mahara versions 21.04 through 21.04.2 Mahara versions 21.10 through 21.10.0

Description The names of folders in the Files area can be seen by a person not owning the folders. Only folder names are affected, neither file names nor file contents are exposed.

Recommendations For Mahara versions 20.10 through 20.10.3, update to version 20.10.4 to resolve the issue. For Mahara versions 21.04 through 21.04.2, update to version 21.04.3 to resolve the issue. For Mahara versions 21.10 through 21.10.0, update to version 21.10.1 to resolve the issue.

Exploit

Fix

Files Accessible to External Parties

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-552

Related Identifiers

CVE-2022-24694

Affected Products

Mahara

PT-2022-16808 · Mahara · Mahara

CVE-2022-24694

Weakness Enumeration

Related Identifiers

Affected Products

References · 7