Candidate: CVE-2013-4432
PublicDate: 2014-05-19
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4432
https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
http://www.openwall.com/lists/oss-security/2013/10/16/7
Description:
Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not
properly restrict access to folders, which allows remote authenticated
users to read arbitrary folders (1) by leveraging an active folder tab
loaded before permissions were removed or (2) via the folder parameter to
artefact/file/groupfiles.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_mahara:
upstream: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
upstream_mahara: released (1.7.3)
lucid_mahara: ignored (reached end-of-life)
precise_mahara: ignored (reached end-of-life)
precise/esm_mahara: DNE (precise was needed)
quantal_mahara: ignored (reached end-of-life)
raring_mahara: ignored (reached end-of-life)
saucy_mahara: ignored (reached end-of-life)
trusty_mahara: DNE
utopic_mahara: DNE
vivid_mahara: DNE
vivid/stable-phone-overlay_mahara: DNE
vivid/ubuntu-core_mahara: DNE
wily_mahara: DNE
xenial_mahara: DNE
yakkety_mahara: DNE
zesty_mahara: DNE
devel_mahara: DNE