CVE-2017-1000135
medium
CVSS v3
6.5
CVSS v2
4.0
VIR risk
6.5
Description
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://bugs.launchpad.net/mahara/+bug/1348024
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mahara | mahara | 1.8 | |
| mahara | mahara | 1.8.0 | |
| mahara | mahara | 1.8.1 | |
| mahara | mahara | 1.8.2 | |
| mahara | mahara | 1.8.3 | |
| mahara | mahara | 1.8.4 | |
| mahara | mahara | 1.8.5 | |
| mahara | mahara | 1.8.6 | |
| mahara | mahara | 1.9 | |
| mahara | mahara | 1.9.0 | |
| mahara | mahara | 1.9.1 | |
| mahara | mahara | 1.9.2 | |
| mahara | mahara | 1.9.3 | |
| mahara | mahara | 1.9.4 | |
| mahara | mahara | 1.10 | |
| mahara | mahara | 1.10.0 | |
| mahara | mahara | 1.10.1 | |
| mahara | mahara | 1.10.2 | |
| mahara | mahara | 15.04 | |
References
CWEs
CWE-613
Verify integrity in audit chain (admin only). AS-IS.