CVE-2024-47192

EUVD-2024-54914
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
maharamahara
𝑥
< 23.04.9
maharamahara
24.04.0 ≤
𝑥
< 24.04.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://mahara.org/interaction/forum/topic.php?id=9594
https://mahara.org/interaction/forum/view.php?id=43