Lucene search

Ubuntu.comUB:CVE-2020-9387

HistoryApr 30, 2020 - 12:00 a.m.

CVE-2020-9387

2020-04-3000:00:00

ubuntu.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

22.7%

JSON

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details
are shared in the Elasticsearch results for accounts that are not
accessible when the config setting ‘Isolated institutions’ is turned on.

References

bugs.launchpad.net/mahara/+bug/1836984

launchpad.net/bugs/cve/CVE-2020-9387

mahara.org/interaction/forum/topic.php?id=8612

nvd.nist.gov/vuln/detail/CVE-2020-9387

security-tracker.debian.org/tracker/CVE-2020-9387

www.cve.org/CVERecord?id=CVE-2020-9387

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

22.7%

JSON

Related for UB:CVE-2020-9387