CVE-2017-1000143

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
maharamahara
1.8:rc1
maharamahara
1.8:rc2
maharamahara
1.8.0
maharamahara
1.8.1
maharamahara
1.8.2
maharamahara
1.8.3
maharamahara
1.8.4
maharamahara
1.8.5
maharamahara
1.8.6
maharamahara
1.9:rc1
maharamahara
1.9.0
maharamahara
1.9.1
maharamahara
1.9.2
maharamahara
1.9.3
maharamahara
1.9.4
maharamahara
1.10:rc1
maharamahara
1.10.0
maharamahara
1.10.1
maharamahara
1.10.2
maharamahara
15.04:rc1
maharamahara
15.04:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1429647
https://bugs.launchpad.net/mahara/+bug/1429647