Описание
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 21.04.0 (включая) до 21.04.3 (исключая)
Одно из
cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:21.10.0:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00203
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 5.3
debian
почти 4 года назад
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios cr ...
github
почти 4 года назад
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.
EPSS
Процентиль: 42%
0.00203
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306