CVE-2017-1000150

HIGH

Mahara <15.04.7, <15.10.3 - Session Fixation


Description

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 contain a flaw that prevents session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.

References (1)

Issue Tracking, Patch, Third Party Advisory (x_refsource_misc)
https://bugs.launchpad.net/mahara/+bug/1567784

Scores

CVSS v3 8.8
EPSS 0.0085
EPSS Percentile 53.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-384
Status published
Products (11)
mahara/mahara 15.04 rc1 (2 CPE variants)
mahara/mahara 15.04.0
mahara/mahara 15.04.1
mahara/mahara 15.04.2
mahara/mahara 15.04.3
mahara/mahara 15.04.4
mahara/mahara 15.04.5
mahara/mahara 15.04.6
mahara/mahara 15.10.0
mahara/mahara 15.10.1
... and 1 more
Published Nov 03, 2017
Tracked Since Feb 18, 2026