Lucene search

GoogleOSV:CVE-2022-42707

HistoryNov 06, 2022 - 5:15 p.m.

CVE-2022-42707

2022-11-0617:15:10

Google

osv.dev

mahara

security vulnerability

image access

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.

CPENameOperatorVersion
maharaeq21.04.2_RELEASE
maharaeq21.04.1_RELEASE
maharaeq21.04.5_RELEASE
maharaeq21.04.3_RELEASE
maharaeq21.04.6_RELEASE
maharaeq21.04.4_RELEASE
maharaeq21.04.0_RELEASE

Name	Operator	Version
mahara	eq	21.04.2_RELEASE
mahara	eq	21.04.1_RELEASE
mahara	eq	21.04.5_RELEASE
mahara	eq	21.04.3_RELEASE
mahara	eq	21.04.6_RELEASE
mahara	eq	21.04.4_RELEASE
mahara	eq	21.04.0_RELEASE

References

bugs.launchpad.net/mahara/+bug/1991157

mahara.org/interaction/forum/topic.php?id=9199

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for OSV:CVE-2022-42707