CVE-2017-1000131 Information

Description

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.

Vulnerability Type (CWE)

CWE-613

Published

2017-11-03

Last Modified

2019-10-03

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Base Score

6.5 MEDIUM

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

References

https://bugs.launchpad.net/mahara/+bug/1084336 (Exploit,Issue Tracking,Patch,Third Party Advisory)