OSV:DSA-1924-1
Oct 31, 2009 - 12:00 a.m.

mahara - several vulnerabilities

Source: Google (osv.dev)

CVSS2: 6.5 Medium (AV:N/AC:L/Au:S/C:P/I:P/A:P)

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

EPSS: 0.004 Low (percentile 71.0%)

Two vulnerabilities have been discovered in mahara, an electronic portfolio,
weblog, and resume builder. The Common Vulnerabilities and Exposures
project identifies the following problems:

  • CVE-2009-3298
    Ruslan Kabalin discovered an issue with resetting passwords, which could
    lead to a privilege escalation of an institutional administrator
    account.
  • CVE-2009-3299
    Sven Vetsch discovered a cross-site scripting vulnerability via the
    resume fields.

For the stable distribution (lenny), these problems have been fixed in
version 1.0.4-4+lenny4.

The oldstable distribution (etch) does not contain mahara.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your mahara packages.
