CVE-2013-4432

Published May 19, 2014

Last updated 10 years ago

Overview

Description: Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB56F5A2-EA29-4B55-95F9-15946529F7A0",
            "versionEndIncluding": "1.5.12"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F7BDA1A-B58F-4B0C-ABE2-84090230E1C0"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9AF4A4C-0DB7-442D-ABEE-04B8282D04BC"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65C4D82B-1BAE-48BD-8CBC-BCB74FD39A82"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C61F960D-CCBF-46B6-A443-BF80C2D355C8"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3CBBAE0-99A7-4EA3-A3E9-11CBFE1771DA"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD24E374-E205-4500-A168-44849BF2357C"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F0BDC63-9A2F-4FC5-B768-9D87889CBD96"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "248745EB-DC27-407F-8CB9-421578A07741"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C56CD7F4-B89A-413A-9330-1218FDDEE03E"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB74EBE4-99F2-40D9-88DC-50E118397D64"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F621A6A7-D400-4A48-B2B8-8A815F670277"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D19D9FBF-8FE1-4DC9-801E-D8982D8EF3AD"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "481EBE78-72A3-43A3-96C5-5F5571BEB71C"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "455BA995-8464-4816-A03C-E9AA7DA07548"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D95716D4-2DAE-4BB9-9DE4-2906EFC94492"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.7.:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14A5DCF0-AD5C-4474-9268-1B235835CD4E"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.7.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCF015B5-EA5A-4B6E-9F9D-B78DEC5F7657"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E7EA146-CFF3-40A1-A543-2897C94F3D65"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFA8FD5B-DD85-4934-ACF7-259CCF72DE47"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A37CC03-8050-498E-81CA-7F37EAB5B4DF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References