CVE-2018-11195

MEDIUM

Mahara 17.04.0-17.04.7, 17.10.0-17.10.4, 18.04.0 - Sensitive Information Exposure via Browser Back/Refresh


Description

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.

References (2)

Exploit, Vendor Advisory x_refsource_confirm
https://bugs.launchpad.net/mahara/+bug/1770561
Vendor Advisory x_refsource_confirm
https://mahara.org/interaction/forum/topic.php?id=8269

Scores

CVSS v3: 6.8
EPSS: 0.0052
EPSS Percentile: 40.4%
Attack Vector: PHYSICAL
Vector String: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-200
Status: published
Products (2):
  mahara/mahara 18.04.0
  mahara/mahara 17.04.0 - 17.04.8
Published: Jun 01, 2018
Tracked Since: Feb 18, 2026