Launchpad CVE tracker

CVE 2020-9387

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.

Related bugs and status

CVE-2020-9387 (Candidate) is related to these bugs:

Bug #1836984: Elasticsearch not restricting the user search when isolated institutions turned on

		In	Importance	Status
1836984	Elasticsearch not restricting the user search when isolated institutions turned on	Mahara 19.04	High	Fix Released
1836984	Elasticsearch not restricting the user search when isolated institutions turned on	Mahara 19.10	High	Fix Released
1836984	Elasticsearch not restricting the user search when isolated institutions turned on	Mahara 20.04	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-9387

References