Security Vulnerabilities - CVEs Published In November 2017
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-11-03
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.
CVSS Score
4.4
EPSS Score
0.002
Published
2017-11-03
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-11-03
A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-11-03
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-11-03
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-11-03
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-11-03
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
CVSS Score
8.1
EPSS Score
0.002
Published
2017-11-03
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-11-03
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-11-03