In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-03T10:14:53
Updated: 2024-08-04T02:51:07.447Z
Reserved: 2021-09-10T00:00:00
Link: CVE-2021-40849
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-11-03T11:15:08.310
Modified: 2021-11-05T12:23:38.237
Link: CVE-2021-40849
Redhat
No data.