CVE-2017-1000156
medium
CVSS v3: 6.5
CVSS v2: 5.5
VIR risk: 6.5
Description
In Mahara 15.04 before 15.04.9, 15.10 before 15.10.5, and 16.04 before 16.04.3, a group's configuration page can be edited by any group member, even one who does not have the admin role.
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://bugs.launchpad.net/mahara/+bug/1609200
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mahara | mahara | 15.04 | |
| mahara | mahara | 15.04.0 | |
| mahara | mahara | 15.04.1 | |
| mahara | mahara | 15.04.2 | |
| mahara | mahara | 15.04.3 | |
| mahara | mahara | 15.04.4 | |
| mahara | mahara | 15.04.5 | |
| mahara | mahara | 15.04.6 | |
| mahara | mahara | 15.04.7 | |
| mahara | mahara | 15.04.8 | |
| mahara | mahara | 16.04 | |
| mahara | mahara | 16.04.0 | |
| mahara | mahara | 16.04.1 | |
| mahara | mahara | 16.04.2 | |
| mahara | mahara | 15.10.0 | |
| mahara | mahara | 15.10.1 | |
| mahara | mahara | 15.10.2 | |
| mahara | mahara | 15.10.3 | |
| mahara | mahara | 15.10.4 | |
References
CWEs
CWE-269