CVE-2017-1000143
MEDIUMMahara <1.8.7, <1.9.5, <1.10.3, <15.04.0 - Info Disclosure
Title source: llmDescription
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
References (1)
Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/mahara/+bug/1429647
Scores
CVSS v3
4.3
EPSS
0.0066
EPSS Percentile
47.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (19)
mahara/mahara
1.8 rc1 (2 CPE variants)
mahara/mahara
1.8.0
mahara/mahara
1.8.1
mahara/mahara
1.8.2
mahara/mahara
1.8.3
mahara/mahara
1.8.4
mahara/mahara
1.8.5
mahara/mahara
1.8.6
mahara/mahara
1.9 rc1
mahara/mahara
1.9.0
... and 9 more
Published
Nov 03, 2017
Tracked Since
Feb 18, 2026