Design/Logic Flaw

2022-02-0905:15:00

PRIOn knowledge base

www.prio-n.com

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)

CPENameOperatorVersion
maharaeq21.10.0 rc2
maharaeq21.10.0 rc1
maharaeq21.10.0
maharage20.10.0
maharalt20.10.4
maharage21.04.0
maharalt21.04.3

Name	Operator	Version
mahara	eq	21.10.0 rc2
mahara	eq	21.10.0 rc1
mahara	eq	21.10.0
mahara	ge	20.10.0
mahara	lt	20.10.4
mahara	ge	21.04.0
mahara	lt	21.04.3

References

bugs.launchpad.net/mahara/+bug/1952808

mahara.org/interaction/forum/topic.php?id=8994