PT-2022-6323 · Canonical · Ubuntu

Fergus Whyte · Published 2022-06-22 · Updated 2022-11-10 · CVE-2022-44544

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mahara versions 21.04 through 21.04.6
Mahara versions 21.10 through 21.10.4
Mahara versions 22.04 through 22.04.2
Mahara version 22.10.0

Description

The vulnerability exists due to the lack of protection of the web page structure in the PDF Export function of the Mahara open-source e-portfolio web system. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability can potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.

Recommendations

For Mahara versions 21.04 through 21.04.6, update to version 21.04.7 or later.
For Mahara versions 21.10 through 21.10.4, update to version 21.10.5 or later.
For Mahara versions 22.04 through 22.04.2, update to version 22.04.3 or later.
For Mahara version 22.10.0, update to a version later than 22.10.0.

As a temporary workaround, consider setting the flag -dSAFER with Ghostscript to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-00901
CVE-2022-44544

Affected Products

Ubuntu