Mahara 21.10.1

CPE Details

Mahara 21.10.1
21.10.1
2022-02-09
15h56 +00:00
2022-02-10
19h01 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mahara:mahara:21.10.1:*:*:*:*:*:*:*

Informations

Vendor

mahara

Product

mahara

Version

21.10.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-42707 2022-11-05 23h00 +00:00 In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.
7.5
High
CVE-2022-44544 2022-11-05 23h00 +00:00 Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.
9.8
Critical
CVE-2022-33913 2022-06-20 13h26 +00:00 In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
7.5
High
CVE-2022-29585 2022-04-28 13h29 +00:00 In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of).
7.5
High
CVE-2022-29584 2022-04-28 13h26 +00:00 Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.
5.4
Medium
CVE-2022-28892 2022-04-27 22h00 +00:00 Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
8.8
High