CVE-2020-9386
N/A
N/A
Summary
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://bugs.launchpad.net/mahara/+bug/1840201
- https://mahara.org/interaction/forum/topic.php?id=8589
References
- https://bugs.launchpad.net/mahara/+bug/1840201
- https://mahara.org/interaction/forum/topic.php?id=8589
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.