CVE-2017-1000145

EUVD-2017-1430
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
maharamahara
1.9:rc1
maharamahara
1.9.0
maharamahara
1.9.1
maharamahara
1.9.2
maharamahara
1.9.3
maharamahara
1.9.4
maharamahara
1.9.5
maharamahara
1.9.6
maharamahara
1.10:rc1
maharamahara
1.10.0
maharamahara
1.10.1
maharamahara
1.10.2
maharamahara
1.10.3
maharamahara
1.10.4
maharamahara
15.04:rc1
maharamahara
15.04:rc2
maharamahara
15.04.0
maharamahara
15.04.1
𝑥
= Vulnerable software versions
References
https://bugs.launchpad.net/mahara/+bug/1460368
https://bugs.launchpad.net/mahara/+bug/1460368