CVE-2020-9386

Published Mar 9, 2020

Last updated 3 months ago

CVSS medium 4.3

Overview

Description: In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87C3AD18-7468-4E09-A60C-DD3D3A307573",
            "versionEndExcluding": "18.10.5",
            "versionStartIncluding": "18.10.0"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9831C01A-2150-42FD-A019-AB7457F24555",
            "versionEndExcluding": "19.04.4",
            "versionStartIncluding": "19.04.0"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18CC7437-0234-44DE-9448-71504D2A0ECD",
            "versionEndExcluding": "19.10.2",
            "versionStartIncluding": "19.10.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References