CVE-2017-1000139

Published Nov 3, 2017

Last updated 7 years ago

CVSS high 8.0

Overview

Description: Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8
Impact score: 5.9
Exploitability score: 2.1
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-918

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE9C9686-29B7-4212-9BAD-E04FE0EB8B02"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References