CVE-2017-1000150 | SynScan

Vulnerability Database

291,049

Total vulnerabilities in the database

CVE-2017-1000150

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.

Published: Nov 3, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-1000150
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-384

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
mahara / mahara	15.04-rc1	15.04-rc1.x
mahara / mahara	15.04-rc2	15.04-rc2.x
mahara / mahara	15.04.6	15.04.6.x
mahara / mahara	15.04.5	15.04.5.x
mahara / mahara	15.04.4	15.04.4.x
mahara / mahara	15.04.3	15.04.3.x
mahara / mahara	15.04.2	15.04.2.x
mahara / mahara	15.04.1	15.04.1.x
mahara / mahara	15.04.0	15.04.0.x
mahara / mahara	15.10.0	15.10.0.x
mahara / mahara	15.10.1	15.10.1.x
mahara / mahara	15.10.2	15.10.2.x

https://bugs.launchpad.net/mahara/+bug/1567784