CVE-2017-1000136

Published Nov 3, 2017

Last updated 25 days ago

CVSS medium 6.5

Overview

Description: Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-613

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References