Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-1000155

Опубликовано: 03 нояб. 2017
Источник: nvd
CVSS3: 4.3
CVSS2: 4
EPSS Низкий

Описание

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*

EPSS

Процентиль: 38%
0.00167
Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

debian логотип

CVE-2017-1000155

CVSS3: 4.3
debian
больше 8 лет назад

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...

github логотип

GHSA-7hj3-xgg9-64qm

CVSS3: 4.3
github
больше 3 лет назад

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.

EPSS

Процентиль: 38%
0.00167
Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200