CVE-2020-9387
N/A
N/A
Summary
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://bugs.launchpad.net/mahara/+bug/1836984
- https://mahara.org/interaction/forum/topic.php?id=8612
References
- https://bugs.launchpad.net/mahara/+bug/1836984
- https://mahara.org/interaction/forum/topic.php?id=8612
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.