Vulnerability Database

291,049

Total vulnerabilities in the database

CVE-2020-9386

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.

  • Published: Mar 9, 2020
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-9386
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
mahara / mahara 18.10.0 18.10.5
mahara / mahara 19.04.0 19.04.4
mahara / mahara 19.10.0 19.10.2