CVE-2022-33913

In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
maharamahara
21.04.0 ≤
𝑥
< 21.04.6
maharamahara
21.10.0 ≤
𝑥
< 21.10.4
maharamahara
22.04.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://mahara.org/interaction/forum/topic.php?id=9138
https://mahara.org/interaction/forum/topic.php?id=9138