Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4432

Опубликовано: 19 мая 2014
Источник: nvd
CVSS2: 4
EPSS Низкий

Описание

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
Версия до 1.5.12 (включая)
cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.5.11:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:mahara:mahara:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.6.7:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:mahara:mahara:1.7.:rc1:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.7.0:-:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:1.7.3:*:*:*:*:*:*:*

EPSS

Процентиль: 41%
0.0019
Низкий

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2013-4432

ubuntu
больше 11 лет назад

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.

debian логотип

CVE-2013-4432

debian
больше 11 лет назад

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does ...

github логотип

GHSA-ggf9-q837-78jp

github
больше 3 лет назад

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.

EPSS

Процентиль: 41%
0.0019
Низкий

4 Medium

CVSS2

Дефекты

CWE-264