fkie_nvd - fkie_cve-2011-2774

fkie_cve-2011-2774

Vulnerability from fkie_nvd

Published

2011-11-15 03:57

Modified

2025-04-11 00:51

Severity ?

Summary

The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/46719	Vendor Advisory
cve@mitre.org	https://launchpad.net/bugs/798128	Patch
cve@mitre.org	https://launchpad.net/mahara/+milestone/1.4.1	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/46719	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.net/bugs/798128	Patch
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.net/mahara/+milestone/1.4.1	Patch

Impacted products

Vendor	Product	Version
mahara	mahara	1.3.0
mahara	mahara	1.3.0
mahara	mahara	1.3.0
mahara	mahara	1.3.0
mahara	mahara	1.3.0
mahara	mahara	1.3.0
mahara	mahara	1.3.1
mahara	mahara	1.3.2
mahara	mahara	1.3.3
mahara	mahara	1.3.4
mahara	mahara	1.3.5
mahara	mahara	1.3.6
mahara	mahara	1.3.7
mahara	mahara	1.4
mahara	mahara	1.4
mahara	mahara	1.4
mahara	mahara	1.4
mahara	mahara	1.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF82733-11FD-41CB-9D5C-A81D891AD57D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC3515E-0923-40D8-A026-833DCAE47648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17F7E30-71E4-41FC-883C-9E5DBF659A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The \"Reply to message\" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter."
    },
    {
      "lang": "es",
      "value": "La caracter\u00edstica \"Reply to message\" en Mahara v1.3.x y v1.4.x, antes de v1.4.1, permite a usuarios autenticados remotamente leer mensajes de un usuario diferente a trav\u00e9s de un par\u00e1metro replyto modificado"
    }
  ],
  "id": "CVE-2011-2774",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-15T03:57:56.583",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/bugs/798128"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/bugs/798128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-2774 (GCVE-0-2011-2774)

Vulnerability from cvelistv5

Published

2011-11-15 02:00