CVE-2017-1000151 Information

Description

Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.

Vulnerability Type (CWE)

CWE-200

Published

2017-11-03

Last Modified

2017-11-13

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

7.5 HIGH

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

References

https://bugs.launchpad.net/mahara/+bug/1570221 (Issue Tracking,Patch,Third Party Advisory)