CVE-2020-9387

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
maharamahara
19.04 ≤
𝑥
< 19.04.5
maharamahara
19.10 ≤
𝑥
< 19.10.3
maharamahara
20.04:rc1
maharamahara
20.04:rc2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
focal
dne
eoan
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1836984
https://mahara.org/interaction/forum/topic.php?id=8612
https://bugs.launchpad.net/mahara/+bug/1836984
https://mahara.org/interaction/forum/topic.php?id=8612