Vulnerability Database

318,251

Total vulnerabilities in the database

CVE-2020-9386

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.

Published: Mar 9, 2020
Updated: Nov 9, 2025
CVE: CVE-2020-9386
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
mahara / mahara	18.10.0	18.10.5
mahara / mahara	19.04.0	19.04.4
mahara / mahara	19.10.0	19.10.2

https://bugs.launchpad.net/mahara/+bug/1840201
https://mahara.org/interaction/forum/topic.php?id=8589

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo