CVE-2017-14163

Published Oct 31, 2017

Last updated 5 years ago

CVSS high 8.8

Overview

Description: An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-384

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5FF82A5-DF51-4719-9940-85A0E4AF4626"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3605A76D-1C09-4998-B387-FE7BED77B2B7"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF0D2C52-AFA4-4C35-8D8A-76AB94292E4C"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FB396B0-459E-4C15-9813-980F35C4C44D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9BD9F88-E643-4CF5-A426-82B2D6133F7E"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77F2D3A9-81B1-42E3-AF72-FBA985C48650"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D050E953-88B1-40F7-98A8-B6A026292B2C"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.04.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12CDBF96-CFA2-4941-A9D9-C618A2A1D08D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C590A8C-43CB-4B22-9F33-FD8BB01DCF5E"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F4DF3D9-A46D-4933-84FB-8179651C5B3D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D642FA0-D977-4157-B379-3BBA86D80D99"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57D2BD22-57F7-4594-AE5F-426AA1D74BFD"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.10.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5712D88-9218-4E7D-977C-07755D1B0D8D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EA26090-2ED4-453D-85AA-46ED4E00DFE4"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:16.10.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29F2B552-479F-4EEA-858B-2920E14BF5C0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E4968B1-0D09-4449-B2A8-22B8C4B4346D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68A1A68E-704F-49C9-B07A-23C1B69A0966"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:17.04.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26F30A3C-0BAA-45F8-A1D2-3FD8D381A1FB"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:17.04.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "262C2C07-CFDB-42A0-8896-758F1FF5BE93"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:17.04.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "265120A4-CD21-425B-9272-06EB68654A80"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References