CVE-2020-9282 Information

Description

In Mahara 18.10 before 18.10.5 19.04 before 19.04.4 and 19.10 before 19.10.2 certain personal information is discoverable inspecting network responses on the ‘Edit access’ screen when sharing portfolios.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://bugs.launchpad.net/mahara/+bug/1863043 https://mahara.org/interaction/forum/topic.php?id=8590

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5