CVE-2017-1000134

EUVD-2017-1419
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
maharamahara
1.8:rc1
maharamahara
1.8:rc2
maharamahara
1.8.0
maharamahara
1.8.1
maharamahara
1.8.2
maharamahara
1.8.3
maharamahara
1.8.4
maharamahara
1.8.5
maharamahara
1.9:rc1
maharamahara
1.9.0
maharamahara
1.9.1
maharamahara
1.9.2
maharamahara
1.9.3
maharamahara
1.10:rc1
maharamahara
1.10.0
maharamahara
15.04:rc1
maharamahara
15.04:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1267686
https://bugs.launchpad.net/mahara/+bug/1267686