CVE-2011-2774
Published: 15 November 2011
The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.
Priority
Status
Package | Release | Status |
---|---|---|
mahara Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
(1.4 only)
|
|
maverick |
Not vulnerable
(1.4 only)
|
|
natty |
Not vulnerable
(1.4 only)
|
|
oneiric |
Released
(1.4.0-1ubuntu0.1)
|
|
upstream |
Released
(1.4.1-1)
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/888358 |