CVE-2013-4429

Name: CVE-2013-4429
Description: Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium
Debian Bugs: 727545

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
mahara | source | (unstable) | (unfixed) | low | | 727545

Notes

https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5833
https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5543
https://bugs.launchpad.net/mahara/+bug/1211758
[squeeze] - mahara <no-dsa> (Minor issue)
