CVE 2009-3298
Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.
Related bugs and status
CVE-2009-3298 (Candidate) is related to these bugs:
Bug #463082: privilege escalation for institution admins CVE-2009-3298
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 463082 | privilege escalation for institution admins CVE-2009-3298 | mahara (Ubuntu) | Undecided | Fix Released | ||
| 463082 | privilege escalation for institution admins CVE-2009-3298 | mahara (Ubuntu Jaunty) | Undecided | Fix Released | ||
| 463082 | privilege escalation for institution admins CVE-2009-3298 | mahara (Ubuntu Karmic) | Undecided | Fix Released | ||
| 463082 | privilege escalation for institution admins CVE-2009-3298 | mahara (Ubuntu Lucid) | Undecided | Fix Released | ||
Bug #463083: cross-site scripting vulnerability in resume blocktype CVE-2009-3299
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 463083 | cross-site scripting vulnerability in resume blocktype CVE-2009-3299 | mahara (Ubuntu) | Undecided | Fix Released | ||
| 463083 | cross-site scripting vulnerability in resume blocktype CVE-2009-3299 | mahara (Ubuntu Jaunty) | Undecided | Fix Released | ||
| 463083 | cross-site scripting vulnerability in resume blocktype CVE-2009-3299 | mahara (Ubuntu Karmic) | Undecided | Fix Released | ||
| 463083 | cross-site scripting vulnerability in resume blocktype CVE-2009-3299 | mahara (Ubuntu Lucid) | Undecided | Fix Released | ||
Bug #486687: Please sync mahara 1.1.7-1 (universe) from Debian unstable (main).
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 486687 | Please sync mahara 1.1.7-1 (universe) from Debian unstable (main). | mahara (Ubuntu) | Wishlist | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
