Vulnerability Database

CVE-2017-14163

An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account.

  • Published: Oct 31, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-14163
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

| Software | From | Fixed in |
|---|---|---|
| mahara / mahara | 15.04-rc1 | 15.04-rc1.x |
| mahara / mahara | 15.04-rc2 | 15.04-rc2.x |
| mahara / mahara | 15.04.13 | 15.04.13.x |
| mahara / mahara | 15.04.12 | 15.04.12.x |
| mahara / mahara | 15.04.11 | 15.04.11.x |
| mahara / mahara | 15.04.10 | 15.04.10.x |
| mahara / mahara | 15.04.9 | 15.04.9.x |
| mahara / mahara | 15.04.8 | 15.04.8.x |
| mahara / mahara | 15.04.7 | 15.04.7.x |
| mahara / mahara | 15.04.6 | 15.04.6.x |
| mahara / mahara | 15.04.5 | 15.04.5.x |
| mahara / mahara | 15.04.4 | 15.04.4.x |
| mahara / mahara | 15.04.3 | 15.04.3.x |
| mahara / mahara | 15.04.2 | 15.04.2.x |
| mahara / mahara | 15.04.1 | 15.04.1.x |
| mahara / mahara | 15.04.0 | 15.04.0.x |
| mahara / mahara | 16.04-rc1 | 16.04-rc1.x |
| mahara / mahara | 16.04-rc2 | 16.04-rc2.x |
| mahara / mahara | 16.04.0 | 16.04.0.x |
| mahara / mahara | 16.04.1 | 16.04.1.x |
| mahara / mahara | 16.04.2 | 16.04.2.x |
| mahara / mahara | 16.04.3 | 16.04.3.x |
| mahara / mahara | 16.04.4 | 16.04.4.x |
| mahara / mahara | 16.04.5 | 16.04.5.x |
| mahara / mahara | 16.04.6 | 16.04.6.x |
| mahara / mahara | 16.04.7 | 16.04.7.x |
| mahara / mahara | 16.10-rc1 | 16.10-rc1.x |
| mahara / mahara | 16.10-rc2 | 16.10-rc2.x |
| mahara / mahara | 16.10.0 | 16.10.0.x |
| mahara / mahara | 16.10.1 | 16.10.1.x |
| mahara / mahara | 16.10.2 | 16.10.2.x |
| mahara / mahara | 16.10.3 | 16.10.3.x |
| mahara / mahara | 16.10.4 | 16.10.4.x |
| mahara / mahara | 17.04-rc1 | 17.04-rc1.x |
| mahara / mahara | 17.04-rc2 | 17.04-rc2.x |
| mahara / mahara | 17.04.0 | 17.04.0.x |
| mahara / mahara | 17.04.1 | 17.04.1.x |
| mahara / mahara | 17.04.2 | 17.04.2.x |