CVE-2018-11195 Information

Description

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user after they have logged in to potentially gain access to their Mahara credentials.

CVSS Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://bugs.launchpad.net/mahara/+bug/1770561
https://mahara.org/interaction/forum/topic.php?id=8269

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

6.8

Base Severity

MEDIUM
