CVE-2017-1000143

MEDIUM

Mahara <1.8.7, <1.9.5, <1.10.3, <15.04.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.

References (1)

Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/mahara/+bug/1429647

Scores

CVSS v3 4.3
EPSS 0.0066
EPSS Percentile 47.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (19)
mahara/mahara 1.8 rc1 (2 CPE variants)
mahara/mahara 1.8.0
mahara/mahara 1.8.1
mahara/mahara 1.8.2
mahara/mahara 1.8.3
mahara/mahara 1.8.4
mahara/mahara 1.8.5
mahara/mahara 1.8.6
mahara/mahara 1.9 rc1
mahara/mahara 1.9.0
... and 9 more
Published Nov 03, 2017
Tracked Since Feb 18, 2026