Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-05-19T14:00:00

Updated: 2024-08-06T16:45:13.524Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4432

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-05-19T14:55:08.563

Modified: 2024-11-21T01:55:33.483

Link: CVE-2013-4432

cve-icon Redhat

No data.