3 matches found
CVE-2020-9386
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore...
Mahara 18.10 < 18.10.5, 19.04 < 19.04.4, 19.10 < 19.10.2 Multiple Vulnerabilities
Mahara is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if description...
CVE-2020-9386
The CVE-2020-9386 issue affects Mahara: versions 18.10.x before 18.10.5, 19.04.x before 19.04.4, and 19.10.x before 19.10.2. Root cause is improper access-control enforcement, causing file metadata to be disclosed to group members who no longer have access to the artefact in Elasticsearch result ...