CVE-2011-0440
Published: 28 March 2011
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.
Priority
Status
Package | Release | Status |
---|---|---|
mahara Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Released
(1.2.4-1ubuntu0.2)
|
|
maverick |
Released
(1.2.5-2ubuntu0.1)
|
|
natty |
Not vulnerable
(1.2.7-1)
|
|
upstream |
Released
(1.2.7, 1.3.4)
|
|
Patches: debdiff: https://launchpad.net/bugs/676336 |