CVE-2011-1404

Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
maharamahara
𝑥
≤ 1.3.5
maharamahara
0.9.0
maharamahara
0.9.1
maharamahara
0.9.2
maharamahara
1.0.0
maharamahara
1.0.1
maharamahara
1.0.2
maharamahara
1.0.3
maharamahara
1.0.4
maharamahara
1.0.5
maharamahara
1.0.6
maharamahara
1.0.7
maharamahara
1.0.8
maharamahara
1.0.9
maharamahara
1.0.10
maharamahara
1.0.11
maharamahara
1.0.12
maharamahara
1.0.13
maharamahara
1.0.14
maharamahara
1.0.15
maharamahara
1.1
maharamahara
1.1.0
maharamahara
1.1.0:alpha1
maharamahara
1.1.0:alpha2
maharamahara
1.1.0:alpha3
maharamahara
1.1.0:beta1
maharamahara
1.1.0:beta2
maharamahara
1.1.0:beta3
maharamahara
1.1.0:beta4
maharamahara
1.1.0:rc1
maharamahara
1.1.0:rc2
maharamahara
1.1.1
maharamahara
1.1.2
maharamahara
1.1.3
maharamahara
1.1.4
maharamahara
1.1.5
maharamahara
1.1.6
maharamahara
1.1.7
maharamahara
1.1.8
maharamahara
1.1.9
maharamahara
1.2.0
maharamahara
1.2.0:alpha1
maharamahara
1.2.0:alpha2
maharamahara
1.2.0:alpha3
maharamahara
1.2.0:beta1
maharamahara
1.2.0:beta2
maharamahara
1.2.0:beta3
maharamahara
1.2.0:beta4
maharamahara
1.2.0:rc1
maharamahara
1.2.1
maharamahara
1.2.2
maharamahara
1.2.3
maharamahara
1.2.4
maharamahara
1.2.5
maharamahara
1.2.6
maharamahara
1.3.0
maharamahara
1.3.0:beta1
maharamahara
1.3.0:beta2
maharamahara
1.3.0:beta3
maharamahara
1.3.0:beta4
maharamahara
1.3.0:rc1
maharamahara
1.3.1
maharamahara
1.3.2
maharamahara
1.3.3
maharamahara
1.3.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
natty
Fixed 1.2.7-1ubuntu0.1
released
maverick
Fixed 1.2.5-2ubuntu0.2
released
lucid
Fixed 1.2.4-1ubuntu0.3
released
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/44433
http://www.debian.org/security/2011/dsa-2246
http://www.securityfocus.com/bid/47798
https://exchange.xforce.ibmcloud.com/vulnerabilities/67395
https://launchpad.net/mahara/+bug/772140
https://launchpad.net/mahara/+bug/772160
https://launchpad.net/mahara/+bug/772174
https://launchpad.net/mahara/+bug/772179
https://launchpad.net/mahara/+milestone/1.3.6
http://secunia.com/advisories/44433
http://www.debian.org/security/2011/dsa-2246
http://www.securityfocus.com/bid/47798
https://exchange.xforce.ibmcloud.com/vulnerabilities/67395
https://launchpad.net/mahara/+bug/772140
https://launchpad.net/mahara/+bug/772160
https://launchpad.net/mahara/+bug/772174
https://launchpad.net/mahara/+bug/772179
https://launchpad.net/mahara/+milestone/1.3.6