fkie_nvd - fkie_cve-2017-1000147

fkie_cve-2017-1000147

Vulnerability from fkie_nvd

Published

2017-11-03 18:29

Modified

2025-04-20 01:37

Severity ?

6.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Summary

Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.

References

▼	URL	Tags
	cve@mitre.org	https://bugs.launchpad.net/mahara/+bug/1480329	Exploit, Issue Tracking, Mitigation, Patch
	af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/mahara/+bug/1480329	Exploit, Issue Tracking, Mitigation, Patch

Impacted products

Vendor	Product	Version
mahara	mahara	1.9
mahara	mahara	1.9.0
mahara	mahara	1.9.1
mahara	mahara	1.9.2
mahara	mahara	1.9.3
mahara	mahara	1.9.4
mahara	mahara	1.9.5
mahara	mahara	1.9.6
mahara	mahara	1.9.7
mahara	mahara	1.10
mahara	mahara	1.10.0
mahara	mahara	1.10.1
mahara	mahara	1.10.2
mahara	mahara	1.10.3
mahara	mahara	1.10.4
mahara	mahara	1.10.5
mahara	mahara	15.04
mahara	mahara	15.04
mahara	mahara	15.04.0
mahara	mahara	15.04.1
mahara	mahara	15.04.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8531F69-D7E5-403D-877C-6360C87F9C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C68FBF-5176-4FE9-BAEF-43AE316F4B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE66FC6-5D7F-4B4F-BB55-1F9D4F29CC4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A2AF4C-CF93-458D-9FBF-B89BF5425BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBAB23C-F0F7-4267-8803-9B8ED17145B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A1F9F0-2585-4A7D-8C78-3E935CC78E67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara\u0027s filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.9 anteriores a la 1.9.8, versiones 1.10 anteriores a la 1.10.6 y versiones 15.04 anteriores a la 15.04.3, es vulnerable a que se realicen ataques Cross-Site Request Forgery (CSRF) en la herramienta de subida incluida en el widget de b\u00fasqueda de archivos de Mahara. Esto podr\u00eda permitir que un atacante enga\u00f1e a un usuario de Mahara para que suba archivos maliciosos a su cuenta de Mahara sin saberlo."
    }
  ],
  "id": "CVE-2017-1000147",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.793",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mitigation",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1480329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mitigation",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1480329"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-1000147 (GCVE-0-2017-1000147)

Vulnerability from cvelistv5

Published

2017-11-03 18:00

Modified

2024-08-05 21:53