Launchpad.net

CVE 2011-1403

Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.

Related bugs and status

CVE-2011-1403 (Candidate) is related to these bugs:

Bug #771598: Session key validation not working in pieforms

		In	Importance	Status
771598	Session key validation not working in pieforms	Mahara	High	Fix Released
771598	Session key validation not working in pieforms	Mahara 1.2	High	Fix Released
771598	Session key validation not working in pieforms	Mahara 1.3	High	Fix Released

Bug #780917: Major security updates for Mahara

		In	Importance	Status
780917	Major security updates for Mahara	mahara (Ubuntu)	Undecided	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Lucid)	High	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Maverick)	High	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Natty)	High	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Oneiric)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1403

Related bugs and status

Related bugs

References