CVE-2018-11565

EUVD-2018-3591
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
maharamahara
17.04.0 ≤
𝑥
< 17.04.8
maharamahara
17.10.0 ≤
𝑥
< 17.10.5
maharamahara
18.04.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
artful
dne
bionic
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1772774
https://mahara.org/interaction/forum/topic.php?id=8271
https://bugs.launchpad.net/mahara/+bug/1772774
https://mahara.org/interaction/forum/topic.php?id=8271