{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-30T12:46:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/mahara/+bug/1836984"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://mahara.org/interaction/forum/topic.php?id=8612"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-9387", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.launchpad.net/mahara/+bug/1836984", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/mahara/+bug/1836984"}, {"name": "https://mahara.org/interaction/forum/topic.php?id=8612", "refsource": "CONFIRM", "url": "https://mahara.org/interaction/forum/topic.php?id=8612"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:26:16.085Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/mahara/+bug/1836984"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://mahara.org/interaction/forum/topic.php?id=8612"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-9387", "datePublished": "2020-04-30T12:46:59", "dateReserved": "2020-02-25T00:00:00", "dateUpdated": "2024-08-04T10:26:16.085Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*", "matchCriteriaId": "03829FC2-5003-4325-B0A9-56AF4B75EAED", "versionEndExcluding": "19.04.5", "versionStartIncluding": "19.04", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*", "matchCriteriaId": "B87F6ACC-C0AB-469A-92DA-886207E63800", "versionEndExcluding": "19.10.3", "versionStartIncluding": "19.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:20.04:rc1:*:*:*:*:*:*", "matchCriteriaId": "422F667D-A371-4615-AA29-EAA80185386E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:20.04:rc2:*:*:*:*:*:*", "matchCriteriaId": "2EAEBCCF-6E76-4B15-BFFA-0119DEFE56D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on."}, {"lang": "es", "value": "En Mahara versiones 19.04 anteriores a la versi\u00f3n  19.04.5 y versiones 19.10 anteriores a la versi\u00f3n 19.10.3, los detalles de cuentas son compartidos en los resultados de Elasticsearch para las cuentas que no son accesibles cuando el ajuste de configuraci\u00f3n \"Isolated institutions\" est\u00e1 activado."}], "id": "CVE-2020-9387", "lastModified": "2024-11-21T05:40:32.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-30T13:15:13.460", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/mahara/+bug/1836984"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://mahara.org/interaction/forum/topic.php?id=8612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/mahara/+bug/1836984"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://mahara.org/interaction/forum/topic.php?id=8612"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}