CVE-2017-1000145 - Improper Access Control vulnerability in Mahara

Publication

2017-11-03

Last modification

2017-11-15

Summary

Mahara 1.9 before 1.9.7, 1.10 before 1.10.5, and 15.04 before 15.04.2 allow anonymous comments to be placed on artefact detail pages even when the site administrator has disallowed anonymous comments.

Classification

CWE-284 - Improper Access Control

Risk level (CVSS AV:N/AC:L/Au:S/C:N/I:P/A:N)

Medium

4.0

Access Vector

Network

Access Complexity

Low

Authentication

Single

Confidentiality Impact

None

Integrity Impact

Partial

Affected Products

Vendor: Mahara
Product: Mahara
Versions: 1.9.0, 1.9.3, 1.9.5, 1.9.2, 1.10.3, 15.04, 15.04.0, 15.04.1, 1.9.6, 1.10.4, 1.10.2, 1.10, 1.10.1, 1.9.4, 1.9, 1.9.1, 1.10.0