Candidate: CVE-2011-1404
PublicDate: 2011-05-13 22:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1404
Description:
 Mahara before 1.3.6 does not properly restrict the data in responses to
 AJAX calls, which allows remote authenticated users to obtain sensitive
 information via a request associated with (1)
 blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3)
 group/membersearchresults.json.php, or (4) json/friendsearch.php, as
 demonstrated by information about friends and e-mail addresses.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/780917
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_mahara:
upstream_mahara: released (1.3.6)
dapper_mahara: DNE
hardy_mahara: DNE
lucid_mahara: released (1.2.4-1ubuntu0.3)
maverick_mahara: released (1.2.5-2ubuntu0.2)
natty_mahara: released (1.2.7-1ubuntu0.1)
devel_mahara: not-affected (1.3.6-1)