CVE-2011-1402

EUVD-2011-1409
Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
maharamahara
𝑥
≤ 1.3.5
maharamahara
0.9.0
maharamahara
0.9.1
maharamahara
0.9.2
maharamahara
1.0.0
maharamahara
1.0.1
maharamahara
1.0.2
maharamahara
1.0.3
maharamahara
1.0.4
maharamahara
1.0.5
maharamahara
1.0.6
maharamahara
1.0.7
maharamahara
1.0.8
maharamahara
1.0.9
maharamahara
1.0.10
maharamahara
1.0.11
maharamahara
1.0.12
maharamahara
1.0.13
maharamahara
1.0.14
maharamahara
1.0.15
maharamahara
1.1
maharamahara
1.1.0
maharamahara
1.1.0:alpha1
maharamahara
1.1.0:alpha2
maharamahara
1.1.0:alpha3
maharamahara
1.1.0:beta1
maharamahara
1.1.0:beta2
maharamahara
1.1.0:beta3
maharamahara
1.1.0:beta4
maharamahara
1.1.0:rc1
maharamahara
1.1.0:rc2
maharamahara
1.1.1
maharamahara
1.1.2
maharamahara
1.1.3
maharamahara
1.1.4
maharamahara
1.1.5
maharamahara
1.1.6
maharamahara
1.1.7
maharamahara
1.1.8
maharamahara
1.1.9
maharamahara
1.2.0
maharamahara
1.2.0:alpha1
maharamahara
1.2.0:alpha2
maharamahara
1.2.0:alpha3
maharamahara
1.2.0:beta1
maharamahara
1.2.0:beta2
maharamahara
1.2.0:beta3
maharamahara
1.2.0:beta4
maharamahara
1.2.0:rc1
maharamahara
1.2.1
maharamahara
1.2.2
maharamahara
1.2.3
maharamahara
1.2.4
maharamahara
1.2.5
maharamahara
1.2.6
maharamahara
1.3.0
maharamahara
1.3.0:beta1
maharamahara
1.3.0:beta2
maharamahara
1.3.0:beta3
maharamahara
1.3.0:beta4
maharamahara
1.3.0:rc1
maharamahara
1.3.1
maharamahara
1.3.2
maharamahara
1.3.3
maharamahara
1.3.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
dapper
dne
hardy
dne
lucid
Fixed 1.2.4-1ubuntu0.3
released
maverick
Fixed 1.2.5-2ubuntu0.2
released
natty
Fixed 1.2.7-1ubuntu0.1
released
Common Weakness Enumeration
References
http://secunia.com/advisories/44433
http://www.debian.org/security/2011/dsa-2246
http://www.securityfocus.com/bid/47798
https://exchange.xforce.ibmcloud.com/vulnerabilities/67396
https://exchange.xforce.ibmcloud.com/vulnerabilities/67397
https://launchpad.net/mahara/+bug/746182
https://launchpad.net/mahara/+bug/771592
https://launchpad.net/mahara/+bug/771614
https://launchpad.net/mahara/+bug/771623
https://launchpad.net/mahara/+bug/771637
https://launchpad.net/mahara/+bug/771644
https://launchpad.net/mahara/+bug/771653
https://launchpad.net/mahara/+bug/772140
https://launchpad.net/mahara/+milestone/1.3.6
http://secunia.com/advisories/44433
http://www.debian.org/security/2011/dsa-2246
http://www.securityfocus.com/bid/47798
https://exchange.xforce.ibmcloud.com/vulnerabilities/67396
https://exchange.xforce.ibmcloud.com/vulnerabilities/67397
https://launchpad.net/mahara/+bug/746182
https://launchpad.net/mahara/+bug/771592
https://launchpad.net/mahara/+bug/771614
https://launchpad.net/mahara/+bug/771623
https://launchpad.net/mahara/+bug/771637
https://launchpad.net/mahara/+bug/771644
https://launchpad.net/mahara/+bug/771653
https://launchpad.net/mahara/+bug/772140
https://launchpad.net/mahara/+milestone/1.3.6