fkie_cve-2017-1000155
Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1600069 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1600069 | Exploit, Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mahara | mahara | 15.04 | |
| mahara | mahara | 15.04 | |
| mahara | mahara | 15.04.0 | |
| mahara | mahara | 15.04.1 | |
| mahara | mahara | 15.04.2 | |
| mahara | mahara | 15.04.3 | |
| mahara | mahara | 15.04.4 | |
| mahara | mahara | 15.04.5 | |
| mahara | mahara | 15.04.6 | |
| mahara | mahara | 15.04.7 | |
| mahara | mahara | 16.04 | |
| mahara | mahara | 16.04 | |
| mahara | mahara | 16.04.0 | |
| mahara | mahara | 16.04.1 | |
| mahara | mahara | 15.10.0 | |
| mahara | mahara | 15.10.1 | |
| mahara | mahara | 15.10.2 | |
| mahara | mahara | 15.10.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
"matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
"matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
"matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
"matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
"matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
"matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user\u0027s uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the \"default\" or used in any pages."
},
{
"lang": "es",
"value": "Mahara, en versiones 15.04 anteriores a la 15.04.8, versiones 15.10 anteriores a la 15.10.4 y versiones 16.04 anteriores a la 16.04.2, es vulnerable a que se acceda a fotos de perfil sin ninguna verificaci\u00f3n de control de acceso. Como consecuencia, esto permite que cualquier usuario pueda visualizar las fotos de perfil subidas por los otros usuarios, tanto si est\u00e1n establecidas como foto por defecto, como si se utilizan en cualquier p\u00e1gina."
}
],
"id": "CVE-2017-1000155",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-03T18:29:01.090",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/mahara/+bug/1600069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/mahara/+bug/1600069"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…