Candidate: CVE-2011-1402
PublicDate: 2011-05-13 22:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1402
Description:
 Mahara before 1.3.6 allows remote authenticated users to bypass intended
 access restrictions, and suspend a user account, edit a view, visit a view,
 edit a plan artefact, read a plans block, read a plan artefact, edit a
 blog, read a blog block, read a blog artefact, or access a block, via a
 request associated with (1) admin/users/search.json.php, (2)
 view/newviewtoken.json.php, (3) lib/mahara.php, (4)
 artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6)
 artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8)
 blocktype/myfriends/myfriends.json.php, related to incorrect privilege
 enforcement, a missing user id check, and incorrect enforcement of the
 Overriding Start/Stop Dates setting.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/780917
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_mahara:
upstream_mahara: released (1.3.6)
dapper_mahara: DNE
hardy_mahara: DNE
lucid_mahara: released (1.2.4-1ubuntu0.3)
maverick_mahara: released (1.2.5-2ubuntu0.2)
natty_mahara: released (1.2.7-1ubuntu0.1)
devel_mahara: not-affected (1.3.6-1)