CVE-2024-47192

Опубликовано: 26 авг. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.

Ссылки

https://mahara.org/interaction/forum/topic.php?id=9594
Vendor Advisory
https://mahara.org/interaction/forum/view.php?id=43
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*

Версия до 23.04.9 (исключая)

cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*

Версия от 24.04.0 (включая) до 24.04.5 (исключая)

EPSS

Процентиль: 3%

0.00017

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-494

Связанные уязвимости

CVE-2024-47192

CVSS3: 5.3

debian

6 месяцев назад

An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a ma ...

GHSA-3p74-fjhf-m5jm

CVSS3: 5.3

github

6 месяцев назад

An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.

EPSS

Процентиль: 3%

0.00017

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-494