National Cyber Awareness System

Vulnerability Summary for CVE-2011-1402

Overview

Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://launchpad.net/mahara/+milestone/1.3.6

Type: Patch Information

Hyperlink:https://launchpad.net/mahara/+milestone/1.3.6

External Source: CONFIRM

Name: https://launchpad.net/mahara/+bug/772140

Type: Patch Information

Hyperlink:https://launchpad.net/mahara/+bug/772140

External Source: CONFIRM

Name: https://launchpad.net/mahara/+bug/771653

Type: Patch Information

Hyperlink:https://launchpad.net/mahara/+bug/771653

External Source: CONFIRM

Name: https://launchpad.net/mahara/+bug/771644

Type: Patch Information

Hyperlink:https://launchpad.net/mahara/+bug/771644

External Source: CONFIRM

Name: https://launchpad.net/mahara/+bug/771637

Type: Patch Information

Hyperlink:https://launchpad.net/mahara/+bug/771637

External Source: CONFIRM

Name: https://launchpad.net/mahara/+bug/771623

Type: Patch Information

Hyperlink:https://launchpad.net/mahara/+bug/771623

External Source: CONFIRM

Name: https://launchpad.net/mahara/+bug/771614

Type: Patch Information

Hyperlink:https://launchpad.net/mahara/+bug/771614

External Source: CONFIRM

Name: https://launchpad.net/mahara/+bug/771592

Type: Patch Information

Hyperlink:https://launchpad.net/mahara/+bug/771592

External Source: CONFIRM

Name: https://launchpad.net/mahara/+bug/746182

Type: Patch Information

Hyperlink:https://launchpad.net/mahara/+bug/746182

External Source: XF

Name: mahara-searchjson-sec-bypass(67397)

Hyperlink:http://xforce.iss.net/xforce/xfdb/67397

External Source: XF

Name: mahara-newviewtokenjson-sec-bypass(67396)

Hyperlink:http://xforce.iss.net/xforce/xfdb/67396

External Source: BID

Name: 47798

Hyperlink:http://www.securityfocus.com/bid/47798

External Source: DEBIAN

Name: DSA-2246

Hyperlink:http://www.debian.org/security/2011/dsa-2246

External Source: SECUNIA

Name: 44433

Type: Advisory

Hyperlink:http://secunia.com/advisories/44433