CVE-2017-1000155

MEDIUM

Mahara <15.04.8-16.04.2 - Info Disclosure

Title source: llm
STIX 2.1

Description

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.

References (1)

Core 1
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/mahara/+bug/1600069

Scores

CVSS v3 4.3
EPSS 0.0068
EPSS Percentile 47.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (16)
mahara/mahara 15.04 rc1 (2 CPE variants)
mahara/mahara 15.04.0
mahara/mahara 15.04.1
mahara/mahara 15.04.2
mahara/mahara 15.04.3
mahara/mahara 15.04.4
mahara/mahara 15.04.5
mahara/mahara 15.04.6
mahara/mahara 15.04.7
mahara/mahara 16.04 rc1 (2 CPE variants)
... and 6 more
Published Nov 03, 2017
Tracked Since Feb 18, 2026