CVE-2018-11565

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
maharamahara
17.04.0 ≤
𝑥
< 17.04.8
maharamahara
17.10.0 ≤
𝑥
< 17.10.5
maharamahara
18.04.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
bionic
dne
artful
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1772774
https://mahara.org/interaction/forum/topic.php?id=8271
https://bugs.launchpad.net/mahara/+bug/1772774
https://mahara.org/interaction/forum/topic.php?id=8271