Launchpad.net

CVE 2017-1000143

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.

Related bugs and status

CVE-2017-1000143 (Candidate) is related to these bugs:

Bug #1429647: Watchlist lets you watch and receive notifications about pages you don't have view access to

		In	Importance	Status
1429647	Watchlist lets you watch and receive notifications about pages you don't have view access to	Mahara	Medium	Fix Released
1429647	Watchlist lets you watch and receive notifications about pages you don't have view access to	Mahara 1.8	Medium	Fix Released
1429647	Watchlist lets you watch and receive notifications about pages you don't have view access to	Mahara 15.04	Medium	Fix Released
1429647	Watchlist lets you watch and receive notifications about pages you don't have view access to	Mahara 1.10	Medium	Fix Released
1429647	Watchlist lets you watch and receive notifications about pages you don't have view access to	Mahara 15.10	Medium	Fix Released
1429647	Watchlist lets you watch and receive notifications about pages you don't have view access to	Mahara 1.9	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.launchpad...