Vulnerability Details CVE-2022-24111
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2022-24111
-
cpe:2.3:a:mahara:mahara:21.04.0
-
cpe:2.3:a:mahara:mahara:21.04.1
-
cpe:2.3:a:mahara:mahara:21.04.2
-
cpe:2.3:a:mahara:mahara:21.10.0