CVE-2017-1000134
HIGHMahara <1.8.6, <1.9.4, <1.10.1, <15.04.0 - Info Disclosure
Title source: llmDescription
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
References (1)
Core 1
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/mahara/+bug/1267686
Scores
CVSS v3
8.1
EPSS
0.0018
EPSS Percentile
39.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-732
Status
published
Products (15)
mahara/mahara
1.8 rc1 (2 CPE variants)
mahara/mahara
1.8.0
mahara/mahara
1.8.1
mahara/mahara
1.8.2
mahara/mahara
1.8.3
mahara/mahara
1.8.4
mahara/mahara
1.8.5
mahara/mahara
1.9 rc1
mahara/mahara
1.9.0
mahara/mahara
1.9.1
... and 5 more
Published
Nov 03, 2017
Tracked Since
Feb 18, 2026