CVE-2017-1000134

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.

Published: Nov 3, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-1000134
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-732

Affected Software
References

Software	From	Fixed in
mahara / mahara	1.8.1	1.8.1.x
mahara / mahara	1.8.2	1.8.2.x
mahara / mahara	1.8.3	1.8.3.x
mahara / mahara	1.8.4	1.8.4.x
mahara / mahara	1.8.5	1.8.5.x
mahara / mahara	1.8.0	1.8.0.x
mahara / mahara	1.8-rc2	1.8-rc2.x
mahara / mahara	1.8-rc1	1.8-rc1.x
mahara / mahara	1.9.1	1.9.1.x
mahara / mahara	1.9.2	1.9.2.x
mahara / mahara	1.9.3	1.9.3.x
mahara / mahara	1.9.0	1.9.0.x
mahara / mahara	1.9-rc1	1.9-rc1.x
mahara / mahara	1.10.0	1.10.0.x
mahara / mahara	1.10-rc1	1.10-rc1.x
mahara / mahara	15.04-rc1	15.04-rc1.x
mahara / mahara	15.04-rc2	15.04-rc2.x

https://bugs.launchpad.net/mahara/+bug/1267686

Vulnerability Database

291,049

CVE-2017-1000134