CVE-2017-1000131

Published Nov 3, 2017

Last updated 5 years ago

CVSS medium 6.5

Overview

Description: Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-613

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References