Vulnerability Details CVE-2022-24694
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.2%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2022-24694
-
cpe:2.3:a:mahara:mahara:20.10.0
-
cpe:2.3:a:mahara:mahara:20.10.1
-
cpe:2.3:a:mahara:mahara:20.10.2
-
cpe:2.3:a:mahara:mahara:20.10.3
-
cpe:2.3:a:mahara:mahara:21.04.0
-
cpe:2.3:a:mahara:mahara:21.04.1
-
cpe:2.3:a:mahara:mahara:21.04.2
-
cpe:2.3:a:mahara:mahara:21.10.0