CVE-2017-1000131

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.

Published: Nov 3, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-1000131
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-613

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
mahara / mahara	15.04-rc1	15.04-rc1.x
mahara / mahara	15.04-rc2	15.04-rc2.x
mahara / mahara	15.04.7	15.04.7.x
mahara / mahara	15.04.6	15.04.6.x
mahara / mahara	15.04.5	15.04.5.x
mahara / mahara	15.04.4	15.04.4.x
mahara / mahara	15.04.3	15.04.3.x
mahara / mahara	15.04.2	15.04.2.x
mahara / mahara	15.04.1	15.04.1.x
mahara / mahara	15.04.0	15.04.0.x
mahara / mahara	16.04-rc1	16.04-rc1.x
mahara / mahara	16.04-rc2	16.04-rc2.x
mahara / mahara	16.04.0	16.04.0.x
mahara / mahara	16.04.1	16.04.1.x
mahara / mahara	15.10.0	15.10.0.x
mahara / mahara	15.10.1	15.10.1.x
mahara / mahara	15.10.2	15.10.2.x
mahara / mahara	15.10.3	15.10.3.x

https://bugs.launchpad.net/mahara/+bug/1084336

Vulnerability Database

291,049

CVE-2017-1000131