Vulnerabilities > CVE-2022-24694 - Files or Directories Accessible to External Parties vulnerability in Mahara

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mahara

CWE-552

NVD

Published: 2022-02-09

Updated: 2022-02-11

Summary

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)

Vulnerable Configurations

Part	Description	Count
Application	Mahara Mahara Mahara 21.10.0 Mahara Mahara 20.10.0 Mahara Mahara 20.10.1 Mahara Mahara 20.10.2 Mahara Mahara 20.10.3 Mahara Mahara 21.04.0 Mahara Mahara 21.04.1 Mahara Mahara 21.04.2	14

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://bugs.launchpad.net/mahara/+bug/1952808
https://mahara.org/interaction/forum/topic.php?id=8994