Vulnerabilities

CVE-2020-9387

by Fred · 30/04/2020

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting ‘Isolated institutions’ is turned on.

Date published : 2020-04-30

https://bugs.launchpad.net/mahara/+bug/1836984

https://mahara.org/interaction/forum/topic.php?id=8612

Related

Tags: Cybersecurity Alert