6.8

CVE-2017-1000147

Exploit
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MaharaMahara Version1.9 Updaterc1
MaharaMahara Version1.9.0
MaharaMahara Version1.9.1
MaharaMahara Version1.9.2
MaharaMahara Version1.9.3
MaharaMahara Version1.9.4
MaharaMahara Version1.9.5
MaharaMahara Version1.9.6
MaharaMahara Version1.9.7
MaharaMahara Version1.10 Updaterc1
MaharaMahara Version1.10.0
MaharaMahara Version1.10.1
MaharaMahara Version1.10.2
MaharaMahara Version1.10.3
MaharaMahara Version1.10.4
MaharaMahara Version1.10.5
MaharaMahara Version15.04 Updaterc1
MaharaMahara Version15.04 Updaterc2
MaharaMahara Version15.04.0
MaharaMahara Version15.04.1
MaharaMahara Version15.04.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.319
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://bugs.launchpad.net/mahara/+bug/1480329
Patch
Exploit
Issue Tracking
Mitigation