PT-2025-34608 · Mahara · Mahara
Published: 2025-08-25 · Updated: 2025-08-29
CVE-2023-47799
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Mahara versions prior to 22.10.4
Mahara versions 23.x prior to 23.04.4
Description:
Mahara is susceptible to information disclosure when the experimental HTML bulk export feature is used through the administration interface or the command-line interface (CLI). The vulnerability arises from a failure to clear the cache after exporting files for one account, so the exported files provided to an account holder can potentially include images belonging to other account holders.
Recommendations:
Update to Mahara version 22.10.4 or later.
Update to Mahara version 23.04.4 or later.
Fix
Information Disclosure
Affected Products
Mahara