CVE-2017-1000135

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
maharamahara
1.8:rc1
maharamahara
1.8:rc2
maharamahara
1.8.0
maharamahara
1.8.1
maharamahara
1.8.2
maharamahara
1.8.3
maharamahara
1.8.4
maharamahara
1.8.5
maharamahara
1.8.6
maharamahara
1.9:rc1
maharamahara
1.9.0
maharamahara
1.9.1
maharamahara
1.9.2
maharamahara
1.9.3
maharamahara
1.9.4
maharamahara
1.10:rc1
maharamahara
1.10.0
maharamahara
1.10.1
maharamahara
1.10.2
maharamahara
15.04:rc1
maharamahara
15.04:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1348024
https://bugs.launchpad.net/mahara/+bug/1348024