Launchpad CVE tracker

CVE 2013-4431

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.

Related bugs and status

CVE-2013-4431 (Candidate) is related to these bugs:

Bug #1233500: Not checking ownership of blocks before editing them

		In	Importance	Status
1233500	Not checking ownership of blocks before editing them	Mahara	High	Fix Released
1233500	Not checking ownership of blocks before editing them	Mahara 1.5	Undecided	Fix Released
1233500	Not checking ownership of blocks before editing them	Mahara 1.6	Undecided	Fix Released
1233500	Not checking ownership of blocks before editing them	Mahara 1.7	Undecided	Fix Released
1233500	Not checking ownership of blocks before editing them	mahara (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2013100...
MLIST: [oss-security] 2013101...
MLIST: [oss-security] 2013101...
CONFIRM: https://bugs.launchpad...
CONFIRM: https://mahara.org/int...

Launchpad.net

CVE 2013-4431

Related bugs and status

Related bugs

References