CVE-2017-1000136

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
maharamahara
1.8:rc1
maharamahara
1.8:rc2
maharamahara
1.8.0
maharamahara
1.8.1
maharamahara
1.8.2
maharamahara
1.8.3
maharamahara
1.8.4
maharamahara
1.8.5
maharamahara
1.9:rc1
maharamahara
1.9.0
maharamahara
1.9.1
maharamahara
1.9.2
maharamahara
1.9.3
maharamahara
1.10:rc1
maharamahara
1.10.0
maharamahara
15.04:rc1
maharamahara
15.04:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1363873
https://bugs.launchpad.net/mahara/+bug/1363873