Candidate: CVE-2013-4432
PublicDate: 2014-05-19 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4432
 https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
 http://www.openwall.com/lists/oss-security/2013/10/16/7
Description:
 Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not
 properly restrict access to folders, which allows remote authenticated
 users to read arbitrary folders (1) by leveraging an active folder tab
 loaded before permissions were removed or (2) via the folder parameter to
 artefact/file/groupfiles.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mahara:
 upstream: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
upstream_mahara: released (1.7.3)
lucid_mahara: ignored (reached end-of-life)
precise_mahara: ignored (reached end-of-life)
precise/esm_mahara: DNE (precise was needed)
quantal_mahara: ignored (reached end-of-life)
raring_mahara: ignored (reached end-of-life)
saucy_mahara: ignored (reached end-of-life)
trusty_mahara: DNE
trusty/esm_mahara: DNE
utopic_mahara: DNE
vivid_mahara: DNE
vivid/stable-phone-overlay_mahara: DNE
vivid/ubuntu-core_mahara: DNE
wily_mahara: DNE
xenial_mahara: DNE
yakkety_mahara: DNE
zesty_mahara: DNE
devel_mahara: DNE