CVE-2018-11565

MEDIUM

Mahara 17.04.0-17.04.7, 17.10.0-17.10.4, 18.04.0 - Unauthorized Username Exposure

Title source: llm

Description

Mahara 17.04 before 17.04.8, 17.10 before 17.10.5, and 18.04 before 18.04.1 disclose which usernames are already taken by people registered in the system rather than masking that information.

References (2)

Core References
Vendor Advisory x_refsource_confirm
https://mahara.org/interaction/forum/topic.php?id=8271
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugs.launchpad.net/mahara/+bug/1772774

Scores

CVSS v3 5.3
EPSS 0.0089
EPSS Percentile 55.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
mahara/mahara 18.04.0
mahara/mahara 17.04.0 - 17.04.8
Published May 30, 2018
Tracked Since Feb 18, 2026