Lucene search

[email protected]CVE-2017-14163

HistoryOct 31, 2017 - 6:29 p.m.

CVE-2017-14163

2017-10-3118:29:00

CWE-384

[email protected]

web.nvd.nist.gov

mahara

unauthorized access

cve-2017-14163

security vulnerability

session management

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.0%

JSON

An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the ‘mahara’ cookie to the old value, they can get access to the user’s account.

Affected configurations

NVD

Node

maharamaharaMatch15.04rc1

maharamaharaMatch15.04rc2

maharamaharaMatch15.04.0

maharamaharaMatch15.04.1

maharamaharaMatch15.04.2

maharamaharaMatch15.04.3

maharamaharaMatch15.04.4

maharamaharaMatch15.04.5

maharamaharaMatch15.04.6

maharamaharaMatch15.04.7

maharamaharaMatch15.04.8

maharamaharaMatch15.04.9

maharamaharaMatch15.04.10

maharamaharaMatch15.04.11

maharamaharaMatch15.04.12

maharamaharaMatch15.04.13

Node

maharamaharaMatch16.04rc1

maharamaharaMatch16.04rc2

maharamaharaMatch16.04.0

maharamaharaMatch16.04.1

maharamaharaMatch16.04.2

maharamaharaMatch16.04.3

maharamaharaMatch16.04.4

maharamaharaMatch16.04.5

maharamaharaMatch16.04.6

maharamaharaMatch16.04.7

Node

maharamaharaMatch16.10rc1

maharamaharaMatch16.10rc2

maharamaharaMatch16.10.0

maharamaharaMatch16.10.1

maharamaharaMatch16.10.2

maharamaharaMatch16.10.3

maharamaharaMatch16.10.4

Node

maharamaharaMatch17.04rc1

maharamaharaMatch17.04rc2

maharamaharaMatch17.04.0

maharamaharaMatch17.04.1

maharamaharaMatch17.04.2

CPENameOperatorVersion
mahara:maharamaharaeq15.04
mahara:maharamaharaeq15.04.0
mahara:maharamaharaeq15.04.1
mahara:maharamaharaeq15.04.2
mahara:maharamaharaeq15.04.3
mahara:maharamaharaeq15.04.4
mahara:maharamaharaeq15.04.5
mahara:maharamaharaeq15.04.6
mahara:maharamaharaeq15.04.7
mahara:maharamaharaeq15.04.8

CPE	Name	Operator	Version
mahara:mahara	mahara	eq	15.04
mahara:mahara	mahara	eq	15.04.0
mahara:mahara	mahara	eq	15.04.1
mahara:mahara	mahara	eq	15.04.2
mahara:mahara	mahara	eq	15.04.3
mahara:mahara	mahara	eq	15.04.4
mahara:mahara	mahara	eq	15.04.5
mahara:mahara	mahara	eq	15.04.6
mahara:mahara	mahara	eq	15.04.7
mahara:mahara	mahara	eq	15.04.8

Rows per page:

1-10 of 151

References

bugs.launchpad.net/mahara/+bug/1701978

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.0%

JSON

Related for CVE-2017-14163

prion1 cvelist1 nvd1 osv1