Vulnerabilities > Mahara > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | PRODUCT | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-11-03 | CVE-2017-1000139 | Server-Side Request Forgery (SSRF) vulnerability in Mahara | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks because not all processing of curl redirects is checked against a whitelist or blacklist. | network | low complexity | mahara | CWE-918 | 8.0 |
| 2017-11-03 | CVE-2017-1000134 | Incorrect Permission Assignment for Critical Resource vulnerability in Mahara | Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. | network | low complexity | mahara | CWE-732 | 8.1 |
| 2017-11-03 | CVE-2017-1000133 | Information Exposure vulnerability in Mahara | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user, in some circumstances, causing another user's artefacts to be included in a Leap2a export of their own pages. | network | low complexity | mahara | CWE-200 | 7.5 |
| 2017-10-31 | CVE-2017-14163 | Session Fixation vulnerability in Mahara | An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. | network | low complexity | mahara | CWE-384 | 8.8 |