Vulnerability Details : CVE-2017-1000145
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
Products affected by CVE-2017-1000145
- cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1000145
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1000145
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST | |
4.9
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
1.2
|
3.6
|
NIST |
References for CVE-2017-1000145
-
https://bugs.launchpad.net/mahara/+bug/1460368
Bug #1460368 “Even if you disallow anonymous comments at the sit...” : Bugs : MaharaExploit;Issue Tracking;Patch;Third Party Advisory
Jump to