Vulnerability Database

291,049

Total vulnerabilities in the database

CVE-2020-9387

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.

  • Published: Apr 30, 2020
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-9387
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
mahara / mahara 19.10 19.10.3
mahara / mahara 19.04 19.04.5
mahara / mahara 20.04-rc2 20.04-rc2.x
mahara / mahara 20.04-rc1 20.04-rc1.x