CVE-2013-4432

NameCVE-2013-4432
DescriptionMahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs727539

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
maharasource(unstable)(unfixed)low727539

Notes

[squeeze] - mahara <no-dsa> (Minor issue)
https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
https://gitorious.org/mahara/mahara/commit/0b4952e063f50c001e4c2dfc5749f55258bff952
Search for package or bug name: Reporting problems