CVE-2018-11195

EUVD-2018-3237
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
maharamahara
17.04.0 ≤
𝑥
< 17.04.8
maharamahara
17.10.0 ≤
𝑥
< 17.10.5
maharamahara
18.04.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
artful
dne
bionic
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1770561
https://mahara.org/interaction/forum/topic.php?id=8269
https://bugs.launchpad.net/mahara/+bug/1770561
https://mahara.org/interaction/forum/topic.php?id=8269