CVE-2024-47192

An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
maharamahara
𝑥
< 23.04.9
maharamahara
24.04.0 ≤
𝑥
< 24.04.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://mahara.org/interaction/forum/topic.php?id=9594
https://mahara.org/interaction/forum/view.php?id=43