CVE-2009-2171

Published Jun 23, 2009

Last updated 16 years ago

CVSS info 4.0

Overview

Description: Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References