CVE-2020-9282

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
maharamahara
18.10.0 ≤
𝑥
< 18.10.5
maharamahara
19.04.0 ≤
𝑥
< 19.04.4
maharamahara
19.10.0 ≤
𝑥
< 19.10.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
eoan
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1863043
https://mahara.org/interaction/forum/topic.php?id=8590
https://bugs.launchpad.net/mahara/+bug/1863043
https://mahara.org/interaction/forum/topic.php?id=8590