Comment 3 for bug 1836984
Revision history for this message
| Kristina Hoeppner (kris-hoeppner) wrote | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
Vulnerability type: Incorrect access control
Attack type: Remote
Impact: Information disclosure
Affected: Elasticsearch implementation in Mahara
In Mahara 19.04 before 19.04.4 and 19.10 before 19.10.2, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
Reference: https:/
Credit: Robert Lyon (Catalyst IT)
CVE: 2020-9387
(link CVE number to https:/