Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-05-19T14:00:00
Updated: 2024-08-06T16:45:13.524Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4432
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-05-19T14:55:08.563
Modified: 2024-11-21T01:55:33.483
Link: CVE-2013-4432
Redhat
No data.