{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-08-22T00:00:00", "datePublic": "2017-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/mahara/+bug/1577251"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-08-22T17:29:33.364092", "ID": "CVE-2017-1000153", "REQUESTER": "info@mahara.org", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.launchpad.net/mahara/+bug/1577251", "refsource": "MISC", "url": "https://bugs.launchpad.net/mahara/+bug/1577251"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:53:07.128Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/mahara/+bug/1577251"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000153", "datePublished": "2017-11-03T18:00:00", "dateReserved": "2017-11-02T00:00:00", "dateUpdated": "2024-08-05T21:53:07.128Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*", "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*", "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*", "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*", "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*", "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*", "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*", "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*", "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*", "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*", "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*", "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*", "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*", "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*", "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*", "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "B04E216C-E51E-44FE-85F0-23C0F1EA9928", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "7FB9ABF0-E574-4694-A78A-4131D128D895", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account."}, {"lang": "es", "value": "Mahara, en versiones 15.04 anteriores a la 15.04.10, versiones 15.10 anteriores a la 15.10.6 y versiones 16.04 anteriores a la 16.04.4, es vulnerable a un control de acceso incorrecto debido a que, despu\u00e9s de que se env\u00ede el enlace de restauraci\u00f3n de contrase\u00f1a por correo y el usuario modifique su correo por defecto, Mahara no invalida correctamente el enlace antiguo. Como consecuencia, el enlace del correo se puede utilizar para conseguir acceso a la cuenta del usuario."}], "id": "CVE-2017-1000153", "lastModified": "2024-11-21T03:04:17.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-03T18:29:01.027", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/mahara/+bug/1577251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/mahara/+bug/1577251"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}