CVE-2020-9387
Published Apr 30, 2020
Last updated 5 years ago
Overview
- Description
- In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03829FC2-5003-4325-B0A9-56AF4B75EAED",
"versionEndExcluding": "19.04.5",
"versionStartIncluding": "19.04"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B87F6ACC-C0AB-469A-92DA-886207E63800",
"versionEndExcluding": "19.10.3",
"versionStartIncluding": "19.10"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:20.04:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "422F667D-A371-4615-AA29-EAA80185386E"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:20.04:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2EAEBCCF-6E76-4B15-BFFA-0119DEFE56D3"
}
],
"operator": "OR"
}
]
}
]